Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

TNFTPD < 20040811 Globbing Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running TNFTPD, a port of the NetBSD FTP daemon. This version of TNFTPD is vulnerable to a remote buffer overflow. The flaw is within the glob.c function. An attacker exploiting this flaw would need to authenticate to the server and then pass a malformed string that would be interpreted by the glob function. Successful exploitation results in the attacker executing arbitrary code on the remote system.

Solution

Upgrade to version 20040811 or higher.