Inframail FTP Server NLST Command Remote Overflow

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote FTP server is vulnerable to a buffer overflow attack.

Description :

The remote host is running the FTP server component of Inframail, a
commercial suite of network servers from Infradig Systems.

According to its banner, the installed version of Inframail suffers
from a buffer overflow vulnerability that arises when the FTP server
component processes an NLST command with an excessively long argument
(around 102400 bytes). Successful exploitation will cause the service
to crash and may allow arbitrary code execution.

See also :

Solution :

Upgrade to Inframail 7.12 or later.

Risk factor :

High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.6
Public Exploit Available : false

Family: FTP

Nessus Plugin ID: 18587 (inframail_as_ftp_overflow.nasl)

Bugtraq ID: 14077

CVE ID: CVE-2005-2085

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial