Core FTP < 2.2 build 1785 CWD Command Buffer Overflow

High Nessus Plugin ID 70656


An FTP client on the remote host is affected by a stack-based buffer overflow vulnerability.


The version of Core FTP installed on the remote host is prior to 2.2 build 1785. It is, therefore, affected by a stack-based buffer overflow vulnerability because user-supplied input is not properly validated when handling directory names via the 'CWD' command. A remote attacker could potentially exploit this issue with specially crafted directory names, resulting in a denial of service or code execution subject to the user's privileges.


Upgrade to Core FTP 2.2 build 1785 or later.

Plugin Details

Severity: High

ID: 70656

File Name: coreftp_2_2_1785.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2013/10/28

Modified: 2016/05/04

Dependencies: 59243

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:coreftp:coreftp

Required KB Items: SMB/CoreFTP/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/08/14

Vulnerability Publication Date: 2013/08/15

Reference Information

CVE: CVE-2013-3930

BID: 61786

OSVDB: 96314