WarFTPD Multiple Format String Vulnerabilities Network Vulnerability

Summary

WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function. An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed. WarFTPd 1.82.00-RC11 is reported vulnerable prior versions may be vulnerable as well.

Solution

Updates are available. Please see the references for details.

References

http://support.jgaa.com/index.php?MenuPage=product
http://www.securityfocus.com/archive/1/450804
http://www.securityfocus.com/archive/1/506443
http://www.securityfocus.com/bid/20944

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-5789
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability
War FTP Daemon CWD/MKD Buffer Overflow
Cerberus FTP Server 'ALLO' Command Buffer Overflow Vulnerability
pyftpdlib FTP Server Denial of Service Vulnerability
XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability

Take action and discover your vulnerabilities