Core FTP < 2.2 build 1785 CWD Command Buffer Overflow
Severity: High
Nessus Plugin ID: 70656

Synopsis
An FTP client on the remote host is affected by a stack-based buffer overflow vulnerability.

Description
The version of Core FTP installed on the remote host is prior to 2.2 build 1785. It is, therefore, affected by a stack-based buffer overflow vulnerability because user-supplied input is not properly validated when handling directory names via the 'CWD' command. A remote attacker could potentially exploit this issue with specially crafted directory names, resulting in a denial of service or code execution subject to the user's privileges.

Solution
Upgrade to Core FTP 2.2 build 1785 or later.