Buffer Overflow Vulnerability in FTP Desktop

vendor:

FTP Desktop

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: FTP Desktop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Buffer Overflow Vulnerability in FTP Desktop

A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 331 server responses from remote FTP servers. When FTP Desktop receives an FTP 331 response exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the affected FTP client.

Mitigation:

Ensure that all inputs are properly validated and sanitized before being used in any operations.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8560/info

A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 331 server responses from remote FTP servers. When FTP Desktop receives an FTP 331 response exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the affected FTP client.

Username:
---------
(FTP Desktop Sends 'USER username')
PADDING EBP EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX

Password:
---------
(FTP Desktop Sends 'PASS password')
PADDING EBP EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX