TurboSoft TurboFTP Server PORT Command Buffer Overflow
Added: 11/05/2012
BID: 55764
OSVDB: 85887
Background
TurboSoft TurboFTP Server is a Microsoft Windows-based file transfer server that provides FTP, FTP over SSL/TLS, and SFTP over SSH services.
Problem
TurboFTP Server 1.30.826 is vulnerable to a stack-based buffer overflow that could allow remote code execution. The vulnerability results from inadequate boundary checking during the parsing of an FTP PORT command. A remote authenticated attacker could trigger this vulnerability by providing a specially crafted IP octet string, executing arbitrary code in the context of the affected server.
Resolution
Contact the vendor for an update to TurboFTP 1.30.826 when one becomes available.
References
http://secunia.com/advisories/50595/
Limitations
A valid FTP user's credentials must be given to the exploit script. A valid user may include the anonymous user.
This exploit has been tested against TurboSoft TurboFTP 1.30.826 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows
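
The Problem section attributes the overflow to inadequate boundary checking while parsing the PORT argument. As an added example (not TurboFTP code and not part of the original advisory), the following C parser bounds every field of the RFC 959 `h1,h2,h3,h4,p1,p2` argument before storing it in a fixed-size structure; the names `port_target`, `parse_octet` and `parse_port_arg` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

struct port_target {
    uint8_t  addr[4];   /* h1..h4 */
    uint16_t port;      /* p1 * 256 + p2 */
};

/* Parse one decimal field of 1-3 digits with value 0..255.
 * Advances *s past the digits; returns -1 on any violation. */
static int parse_octet(const char **s, uint8_t *out)
{
    unsigned value = 0;
    int digits = 0;

    while (**s >= '0' && **s <= '9') {
        if (++digits > 3)
            return -1;          /* over-long field: reject, never copy it */
        value = value * 10 + (unsigned)(**s - '0');
        (*s)++;
    }
    if (digits == 0 || value > 255)
        return -1;              /* empty field or value out of octet range */
    *out = (uint8_t)value;
    return 0;
}

/* Returns 0 and fills *t only when arg is exactly "h1,h2,h3,h4,p1,p2". */
int parse_port_arg(const char *arg, struct port_target *t)
{
    uint8_t f[6];               /* exactly six fields, indexed by the loop bound */
    const char *p = arg;

    if (arg == NULL || t == NULL)
        return -1;
    for (int i = 0; i < 6; i++) {
        if (parse_octet(&p, &f[i]) != 0)
            return -1;
        if (*p != (i < 5 ? ',' : '\0'))
            return -1;          /* wrong separator, extra field or trailing bytes */
        if (i < 5)
            p++;
    }
    memcpy(t->addr, f, 4);
    t->port = (uint16_t)(f[4] << 8 | f[5]);
    return 0;
}
```

The parser consumes at most three digits per field and stops at the first violation, so the length of the attacker-supplied string never determines how much is written to the stack.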