WarFTPD buffer overflow
war-ftpd (345)
Description:
WarFTPD is vulnerable to a buffer overflow in its handling of the USER and PASS commands. A remote attacker can overflow a buffer and execute arbitrary commands on the server.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of WarFTPD (1.70 beta or later), available from the Jgaa's Internet Web site. See References.
References:
- Jgaa's Internet - Bugreports and bugfixes: R0046: War FTP Daemon v. 1.* R0046.
- Jgaa's Internet Web site: New support and download site!
- BID-10078: Jarle Aase War FTPD USER/PASS Buffer Overflow Vulnerability
- CVE-1999-0256: Buffer overflow in War FTP allows remote execution of commands.
- OSVDB ID: 875: WarFTPd USER/PASS Overflow
Platforms Affected:
- Jgaa WarFTPd
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows XP
Reported:
Mar 19, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
