Worldgroup FTP server long LIST buffer overflow
|worldgroup-ftp-list-bo (8297)||Low Risk|
Worldgroup is vulnerable to a denial of service attack in the built-in FTP server caused by a buffer overflow. By sending a specially-crafted LIST command, a remote attacker can overflow a buffer and cause the FTP server to crash.
Denial of Service
No remedy available as of September 1, 2014.
- BugTraq Mailing List, Wed Feb 27 2002 - 07:15:54 CST: LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup.
- Galacticomm Technologies Web site: Galacticomm \ NetVillage (Home Page).
- BID-4185: Galacticomm Worldgroup Remote FTP Denial of Service Vulnerability
- CVE-2002-0336: Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.
- OSVDB ID: 14408: Galacticomm Worldgroup FTP Server Malformed LIST Command Overflow
- Galacticomm Technologies Worldgroup 3.x
Feb 25, 2002