vendor: Net::FTP
by: Lance M. Havok, Kevin Finisterre
CVSS: 7.5 HIGH
CWE: Heap Buffer Overflow
Product Name: Net::FTP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:ruby:net_ftp
Platforms Tested: All platforms with Ruby and Net::FTP library
2007
FTP LIST heap buffer overflow
This script demonstrates a heap buffer overflow vulnerability in the FTP LIST command. It sends a payload of 251 bytes followed by specific values to trigger the overflow. This vulnerability allows an attacker to potentially execute arbitrary code or crash the FTP server.
Mitigation:
Apply the latest patches and updates from the vendor. Consider using a more secure FTP server implementation.