Easy FTP Server MKD command buffer overflow

Added: 04/08/2010
BID: 38102
OSVDB: 62134

Background

UplusFTP (formerly Easy FTP Server) is a free FTP server for Windows platforms.

Problem

A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending an MKD command with a specially crafted argument.

Resolution

Upgrade to UplusFTP 1.7.1.0 or higher.

References

http://www.net-security.org/vuln.php?id=11092

Limitations

The exploit works on Easy FTP Server 1.7.0.2 running on Windows Server 2003 SP2 with patch KB933729 installed.

This exploit requires valid FTP authentication credentials.

Platforms

Windows
