vendor:
WarFTP
by:
Winny Thomas
7.5
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: WarFTP
Affected Version From: 1.65
Affected Version To: 1.65
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 2000 server SP4 inside VMware
Remote exploit for WarFTP 1.65
A stack overflow vulnerability exists in WarFTP 1.65, which can be triggered by sending a long username (>480 bytes) along with the USER ftp command. This exploit binds a shell on TCP port 4444 and connects to it.
Mitigation:
Apply the latest patch or upgrade to a newer version of WarFTP.