TNFTPD < 20040811 Globbing Overflow
Medium Nessus Network Monitor Plugin ID 3836
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: The remote host is running TNFTPD, a port of the NetBSD FTP daemon. This version of TNFTPD is vulnerable to a remote buffer overflow. The flaw is in glob.c. To exploit it, an attacker would need to authenticate to the server and then pass a malformed string that would be interpreted by the glob function. Successful exploitation results in the attacker executing arbitrary code on the remote system.
Solution: Upgrade to version 20040811 or higher.