• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KTH eBones Kerberos4 FTP Client Passive Mode Heap Overflow Vulnerability

This problem affects the ftp client source included with the Kerberos4 eBones implementation maintained and distributed by KTH. It is also part of the default installation of SuSE Linux. It is freely available. This vulnerability affects only Unix and Linux operating systems.

Under some circumstances, it may be possible to take advantage of a heap overflow in the ftp client. Insufficient bounds checking is in place when processing the server response to a client passive mode request. A server response of excessive length may result in heap overflow condition.