BisonFTP Multiple Commands Remote Buffer Overflow Vulnerabilities Network Vulnerability

Summary

The host is running BisonFTP Server and is prone to multiple buffer overflow vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the system or cause the application to crash. Impact Level: System/Application

Solution

Upgrade to BisonFTP Server Version 4.1 or higher.

Insight

The flaws are due to an error while processing the 'USER', 'LIST', 'CWD' multiple commands, which can be exploited to cause a buffer overflow by sending a command with specially-crafted an overly long parameter.

Affected

BisonFTP Server prior to version 4.1

References

http://marc.info/?l=ntbugtraq&m=92697301706956&w=2
http://www.exploit-db.com/exploits/17649

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-1510
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Open-FTPD Multiple Buffer Overflow Vulnerabilities
EFTP installation directory disclosure
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
BSD ftpd Single Byte Buffer Overflow
KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities