BlackJumboDog FTP Server Multiple Command Overflow

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote host.

Description :

The remote host is running BlackJumboDog FTP server.

This FTP server fails to properly check the length of parameters in
multiple FTP commands, the most significant of which is USER, resulting
in a stack overflow.

With a specially crafted request, an attacker can execute arbitrary code,
resulting in a loss of integrity and/or availability.
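
The missing check described above, shown from the server side as an added example (not BlackJumboDog's code and not part of the Nessus plugin): a command-line parser that measures the argument before copying it and rejects anything over the limit. The function name ftp_parse_line and the 128-byte FTP_ARG_MAX are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FTP_ARG_MAX 128  /* assumed limit for this example, not from the advisory */

/* Values mirror the FTP reply codes 500 and 501 (RFC 959). */
enum ftp_parse { FTP_OK = 0, FTP_ERR_SYNTAX = 500, FTP_ERR_ARG = 501 };

/* Split one FTP command line ("USER alice\r\n") into verb and argument.
 * Every copy is bounded by the destination size; an over-long argument is
 * rejected rather than truncated or copied blindly. Copying the argument
 * into a fixed stack buffer without this length test is the flaw class
 * the advisory describes. */
enum ftp_parse ftp_parse_line(const char *line, size_t len,
                              char verb[5], char arg[FTP_ARG_MAX + 1])
{
    size_t i = 0, alen;

    /* Strip the trailing CRLF (or bare LF) before measuring anything. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;

    /* Verb: 3 or 4 letters, upper-cased, never more than 4 bytes written. */
    while (i < len && i < 4 && isalpha((unsigned char)line[i])) {
        verb[i] = (char)toupper((unsigned char)line[i]);
        i++;
    }
    verb[i] = '\0';
    if (i < 3 || (i < len && line[i] != ' '))
        return FTP_ERR_SYNTAX;

    if (i < len)
        i++;                      /* skip the single space separator */
    alen = len - i;

    /* The length check comes before the copy, for every command. */
    if (alen > FTP_ARG_MAX)
        return FTP_ERR_ARG;
    /* An embedded NUL would make later string functions see a shorter value. */
    if (memchr(line + i, '\0', alen) != NULL)
        return FTP_ERR_ARG;

    memcpy(arg, line + i, alen);
    arg[alen] = '\0';
    return FTP_OK;
}
```

A caller would answer FTP_ERR_ARG with a 501 reply and keep the session state unchanged, so an oversized USER argument never reaches the authentication code.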

Solution :

Upgrade to version 3.6.2 or newer.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 14256 (Black_JumboDog_FTP_overflow.nasl)

Bugtraq ID: 10834

CVE ID: CVE-2004-1439