Easy File Sharing FTP Server PASS Command Overflow

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a buffer overflow vulnerability.

Description :

The remote host appears to be using Easy File Sharing FTP Server, an
FTP server for Windows.

The version of Easy File Sharing FTP Server installed on the remote
host contains a stack-based buffer overflow vulnerability that can be
exploited by an unauthenticated attacker with a specially crafted PASS
command to crash the affected application or execute arbitrary code on
the affected host.

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 24021 (efs_ftp_server_pass_overflow.nasl)

Bugtraq ID: 19243

CVE ID: CVE-2006-3952