KTH Kerberos 4 FTP client heap overflow
| kerberos4-ftp-client-overflow (8938) |  High Risk |
Description:
The FTP client in KTH Kerberos is vulnerable to a heap overflow. By sending an overly long response to a request for passive mode by a Kerberos FTP client, a malicious FTP server could overflow the pasv buffer and execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
No remedy available as of May 1, 2013.
References:
- BugTraq Mailing List, Wed Apr 24 2002 - 15:13:23 CDT: A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution.
- KTH Kerberos Web site: Kerberos page.
- BID-4592: KTH eBones Kerberos4 FTP Client Passive Mode Heap Overflow Vulnerability
- CVE-2002-0600: Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
- OSVDB ID: 4897: KTH Kerberos 4 FTP Client PASV Execute Arbitrary Code
Platforms Affected:
- MIT Kerberos 4-1.0.2
- MIT Kerberos 4-1.0.3
- MIT Kerberos 4-1.0.4
- MIT Kerberos 4-1.1.1
Reported:
Apr 24, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this