Hummingbird InetD FTP Component (ftpdw.exe) Command Overflow

high Nessus Plugin ID 18402

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

According to its banner, the ftpd daemon installed on the remote host is from the Hummingbird Connectivity suite and suffers from a buffer overflow vulnerability. An attacker can crash the daemon and possibly execute arbitrary code remotely within the context of the affected service.

Solution

Apply the appropriate patch referenced in the vendor advisory above.

See Also

http://www.nessus.org/u?83df6392

Plugin Details

Severity: High

ID: 18402

File Name: hummingbird_ftpd_overflow.nasl

Version: 1.16

Type: remote

Family: FTP

Published: 5/30/2005

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/18/2005

Exploitable With

Metasploit (Hummingbird Connectivity 10 SP5 LPD Buffer Overflow)

Reference Information

CVE: CVE-2005-1815

BID: 13790