Orenosv HTTP/FTP Server commands buffer overflow

orenosv-http-ftp-commands-bo (20510) The risk level is classified as HighHigh Risk

Description:

Orenosv HTTP/FTP Server is a FTP server running on Microsoft Windows and Linux-based operating systems. Orenosv HTTP/FTP Server version 0.8.1 and possibly earlier versions are vulnerable to a buffer overflow caused by improper bounds checking of user-supplied input in the handling of various FTP commands, such as MKD, RMD, LIST, DELE, and RETR. A remote attacker could send a specially-crafted Server Side Includes (SSI) file name of 249 or 250 bytes to the ftp_do_dele() function to execute arbitrary code on the system or cause a denial of service attack.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Orenosv HTTP/FTP Server (0.8.1a or later), available from the Orenosv HTTP/FTP Server Web page. See References.

References:

  • Orenosv HTTP/FTP Server Web page: Orenosv HTTP/FTP Server.
  • SIG^2 Vulnerability Research Advisory : Orenosv HTTP/FTP Server Buffer Overflow Vulnerabilities.
  • BID-13546: Orenosv HTTP/FTP Server FTP Commands Remote Buffer Overflow Vulnerability
  • BID-13549: Orenosv HTTP/FTP Server CGISSI.EXE Remote Buffer Overflow Vulnerability
  • CVE-2005-1666: Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
  • SA15302: Orenosv HTTP/FTP Server Buffer Overflow Vulnerabilities
  • SECTRACK ID: 1013923: Orenosv HTTP/FTP Server FTP Command Buffer Overflow Lets Remote Users Crash the Server and HTTP SSI Buffer Overflow May Let Local Users Execute Arbitrary Code
  • VUPEN/ADV-2005-0499: Orenosv HTTP/FTP Server Remote Buffer Overflow Vulnerabilities

Platforms Affected:

  • ma kataoka Orenosv HTTP/FTP Server prior to 0.8.1

Reported:

May 09, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page