TurboSoft TurboFTP Server PORT Command Buffer Overflow

Added: 11/05/2012
BID: 55764
OSVDB: 85887


TurboSoft TurboFTP Server is a Microsoft Windows-based file transfer server that provides FTP, FTP over SSL/TLS, and SFTP over SSH services.


TurboFTP Server 1.30.826 is vulnerable to a stack-based buffer overflow that could allow remote code execution. The vulnerability results from inadequate boundary checking during the parsing of an FTP PORT command. A remote authenticated attacker could trigger it by providing a specially crafted IP octet string, resulting in arbitrary code execution in the context of the affected server.
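
The boundary checking that the PORT parsing described above lacks can look like the following. This is an added example, not TurboFTP's code and not part of the original advisory. The function name `parse_port_arg` is hypothetical, the `h1,h2,h3,h4,p1,p2` argument format is the one defined in RFC 959, and the caller is assumed to have already stripped the command verb and the trailing CRLF.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse the argument of an FTP PORT command (RFC 959: "h1,h2,h3,h4,p1,p2").
 * Returns 0 on success and fills ip[4] and *port; returns -1 on any
 * malformed input. No field is ever copied into a buffer, so an oversized
 * octet string cannot overrun anything: it is rejected by the digit count. */
int parse_port_arg(const char *arg, size_t len, uint8_t ip[4], uint16_t *port)
{
    unsigned field[6];
    size_t i = 0;

    if (arg == NULL || ip == NULL || port == NULL)
        return -1;

    for (int f = 0; f < 6; f++) {
        unsigned value = 0;
        int digits = 0;

        /* Accept 1 to 3 decimal digits per field, nothing else. */
        while (i < len && arg[i] >= '0' && arg[i] <= '9') {
            if (++digits > 3)
                return -1;              /* oversized octet string */
            value = value * 10 + (unsigned)(arg[i] - '0');
            i++;
        }
        if (digits == 0 || value > 255)
            return -1;                  /* empty field or out of range */
        field[f] = value;

        if (f < 5) {
            if (i >= len || arg[i] != ',')
                return -1;              /* missing separator */
            i++;
        }
    }
    if (i != len)
        return -1;                      /* trailing bytes after p2 */

    for (int f = 0; f < 4; f++)
        ip[f] = (uint8_t)field[f];
    *port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}
```

A server that rejects the command with a syntax error reply whenever this returns -1 never hands an unvalidated octet string to later code.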


Contact the vendor for an update to TurboFTP 1.30.826 when one becomes available.




A valid FTP user's credentials must be given to the exploit script. A valid user may include the anonymous user.

This exploit has been tested against TurboSoft TurboFTP 1.30.826 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).


