FreeFTPd user name buffer overflow

Added: 12/08/2005
CVE: CVE-2005-3683
BID: 15457
OSVDB: 20909

Background

FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms.

Problem

An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command.

Resolution

Upgrade to the latest version of FreeFTPd.

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0510.html

Platforms

Windows 2000
Windows XP

Back to exploit index