Core FTP < 2.2 build 1769 Multiple Buffer Overflows

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

An FTP client on the remote host is affected by multiple buffer
overflow vulnerabilities.

Description :

The version of Core FTP installed on the remote host is prior to 2.2
build 1769 (2.2.1768.0). It is, therefore, affected by multiple buffer
overflow vulnerabilities because user-supplied input is not properly
validated when handling directory names. A remote attacker could
potentially exploit this issue with specially crafted directory names,
resulting in a denial of service or code execution subject to the user's
privileges.

Note that the fixed release is labeled version 2.2 build 1769, while
its actual file version is 2.2.1768.

See also :

http://coreftp.com/forums/viewtopic.php?t=137481

Solution :

Upgrade to Core FTP 2.2 build 1769 (2.2.1768.0) or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 65789

Bugtraq ID: 58634

CVE ID: CVE-2013-0130
