header-logo
Suggest Exploit
vendor:
Cerberus FTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Cerberus FTP Server
Affected Version From: 1
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: //a:cerberusftpserver:1.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Buffer Overflow in Cerberus FTP Server

Cerberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems. There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields(username, password) are filled with an excessive amount of characters(300+) then the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality. It has also been reported that entering an excessive amount of characters in just the password field will acheive the same result. Due to the fact that the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host. This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts.

Mitigation:

Upgrade to the latest version of Cerberus FTP Server, or apply the appropriate patch.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2901/info

erberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems.

There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields(username, password) are filled with an excessive amount of characters(300+) then the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality.

It has also been reported that entering an excessive amount of characters in just the password field will acheive the same result.

Due to the fact that the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host.

This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20946.exe

Navigation

Suggest Exploit

Services By CQR