Core FTP Server < 1.2 Build 508 lstrcpy Overflow Code Execution

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The FTP server running on the remote host is affected by a code
execution vulnerability.

Description :

The version of Core FTP running on the remote host is prior to 1.2
build 508. It is, therefore, affected by buffer overflow conditions
in its calls to the RegQueryValueExA() and lstrcpy() functions due to
improper validation of user-supplied input when reading data from the
config.dat file and/or from the Windows Registry. A local attacker can
exploit this to cause a denial of service condition or to execute
arbitrary code.

Solution :

Upgrade to Core FTP version 1.2 build 508 or later.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 72661

Bugtraq ID: 65692

CVE ID: CVE-2014-1215
