Open and Compact FTP Server Long Password Buffer Overflow

Added: 03/22/2010

Background

Open and Compact FTP Server (Open-FTPD) is a Windows-based compact FTP server.

Problem

A buffer overflow vulnerability allows command execution as a result of an overly long password.

Resolution

Upgrade to a version newer than 1.2 when it becomes available, or use a different FTP server.

References

http://www.exploit-db.com/exploits/11742
http://www.expbase.com/Remote/1718.html

Limitations

Exploit works on Open and Compact FTP Server 1.2.

Platforms

Windows

Back to exploit index