EvolutionX Multiple Remote Buffer Overflow Vulnerabilities

The FTP server that is distributed with EvolutionX has been reported prone to multiple buffer overflow vulnerabilities. The first of these vulnerabilities exists post-authentication, and is due to a lack of sufficient bounds checking performed on arguments that are passed to the 'cd' command.

The second issue exists pre-authentication, excessive data passed as username:password combination to the affected FTP server will trigger the buffer overrun.

Finally the telnet server that is distributed with EvolutionX has been reported prone to a buffer overflow vulnerability when handling excessive data passed as an argument to the 'dir' command.

An attacker may exploit any one of these issues to deny service to legitimate users of the XBOX appliance, it has been conjectured that these issues may be exploitable to result in arbitrary code execution.


 

Privacy Statement
Copyright 2010, SecurityFocus