Frox FTP Cache Retrieval Buffer Overflow Vulnerability

Frox is a freely available, open source FTP proxy. It is publicly maintained and indexed by SourceForge.

Frox is vulnerable to a buffer overflow. If the caching option is enabled, downloading a file from a long path can overflow a buffer in the routine that writes the header file information.

This makes it possible for a malicious FTP server to spawn a shell, giving it local access on a system running the vulnerable software. The frox program is typically not run as root.
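The defensive pattern for this class of bug, as an added illustration that is not frox's own code: a cache header writer that treats the server-supplied path as untrusted and refuses to build a record that does not fit. The function name, the HDR_MAX size and the "path size" record layout are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define HDR_MAX 256   /* assumed size of the fixed header buffer */

/*
 * Hypothetical cache header builder. Formats "<path> <size>\n" into out.
 * The unbounded form, sprintf(out, "%s %lu\n", path, size), writes past
 * out as soon as the path is longer than the buffer. snprintf never
 * writes more than outlen bytes and returns the length it needed, so
 * truncation is detectable and the object can be served uncached.
 * Returns the header length, or -1 if the record does not fit.
 */
int build_cache_header(char *out, size_t outlen,
                       const char *path, unsigned long size)
{
    int n;

    if (out == NULL || path == NULL || outlen == 0)
        return -1;

    n = snprintf(out, outlen, "%s %lu\n", path, size);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never leave a truncated header behind */
        return -1;
    }
    return n;
}

int main(void)
{
    char hdr[HDR_MAX];
    char long_path[4001];       /* constructed over-long path */

    memset(long_path, 'A', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';

    if (build_cache_header(hdr, sizeof hdr, "/pub/a.txt", 42UL) > 0)
        printf("cached: %s", hdr);

    if (build_cache_header(hdr, sizeof hdr, long_path, 1UL) < 0)
        printf("path too long for cache header, bypassing cache\n");

    return 0;
}
```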


Copyright 2010, SecurityFocus