CaesarFTPD FTP Command Buffer Overflow Vulnerability

CaesarFTP is a Windows FTP server from ACLogic.

By sending a long string of characters as the argument to any of several FTP commands, an attacker can cause a stack-based buffer overflow.

A remote user could supply a properly structured argument to an affected command, designed to exceed the maximum length of the input buffer. The data written past the end of this buffer spills onto the stack, potentially overwriting the calling function's return address with values that can alter the program's flow of execution.

Properly exploited, this could grant the attacker 'SYSTEM' privilege (under NT/2000) or the ability to execute arbitrary code.
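
The defensive counterpart to the overflow described above, as an added example that is not CaesarFTP code and not part of the original advisory: a C routine that checks the length of an FTP command argument before copying it into a fixed-size stack buffer. The buffer sizes and function names are assumptions; the advisory states neither.

```c
#include <stddef.h>
#include <string.h>

/* Assumed sizes: the advisory does not state the real buffer length. */
#define VERB_CAP 8
#define ARG_CAP  256

/* The unsafe pattern the advisory describes, in general form
 * (illustrative only, not CaesarFTP source):
 *     char arg[ARG_CAP];
 *     strcpy(arg, space + 1);   // copy length is chosen by the remote client
 */

/* Split "VERB argument\r\n" into verb and arg. Lengths are checked before
 * any copy; an oversized field is rejected, never truncated or copied.
 * Returns 0 on success, -1 if a field does not fit or the line is malformed. */
int parse_ftp_line(const char *line, size_t len,
                   char *verb, size_t verb_cap, char *arg, size_t arg_cap)
{
    if (!line || !verb || !arg || verb_cap == 0 || arg_cap == 0)
        return -1;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                /* drop the line terminator */
    if (memchr(line, '\0', len))
        return -1;                            /* embedded NUL: malformed */
    const char *sp = memchr(line, ' ', len);  /* verb ends at first space */
    size_t verb_len = sp ? (size_t)(sp - line) : len;
    size_t arg_len = sp ? len - verb_len - 1 : 0;
    if (verb_len == 0 || verb_len >= verb_cap || arg_len >= arg_cap)
        return -1;                            /* would not fit with its NUL */
    memcpy(verb, line, verb_len);
    verb[verb_len] = '\0';
    if (arg_len)
        memcpy(arg, sp + 1, arg_len);
    arg[arg_len] = '\0';
    return 0;
}

/* Caller with fixed stack buffers, as a command loop would have.
 * Returns 0 when the line may be dispatched, or 500 (the RFC 959 syntax
 * error reply, which covers "command line too long") when it is refused. */
int ftp_check_line(const char *line, size_t len)
{
    char verb[VERB_CAP];
    char arg[ARG_CAP];
    return parse_ftp_line(line, len, verb, sizeof verb, arg, sizeof arg) == 0 ? 0 : 500;
}
```

Rejecting the oversized line outright, instead of truncating it, also gives the server a single place to log the refused command for detection.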


 

Copyright 2010, SecurityFocus