header-logo
Suggest Exploit
vendor:
EZ Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: EZ Server
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: CVE-2002-0753
CPE: /a:ez_server:ez_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Buffer Overflow in EZ Server

The EZ Server software is vulnerable to a buffer overflow attack when it receives strings of excessive length. This can be exploited by sending a string of A characters with a length of 1993 or 1994 to the ls or cd command respectively. This will cause the server to crash, denying service to legitimate users.

Mitigation:

Upgrade to the latest version of EZ Server software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7243/info

It has been reported that the EZ Server software does not sufficiently handle strings of excessive length in some circumstances. Because of this, a remote attacker may be able to deny service to legitimate users of the system. 

ls AX (where X is a value of A repeated an additional 1993 times)

cd AX (where X is a value of A repeated an additional 1994 times)

Navigation

Suggest Exploit

Services By CQR