PT-2002-1648 · Kth · Kth Kerberos 4 Ftp Client

Publicado

2002-06-11

Atualizado

2008-09-10

CVE-2002-0600

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions KTH Kerberos 4 FTP client version 4-1.1.1

Description The issue is related to a heap overflow in the KTH Kerberos 4 FTP client. This allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.

Recommendations For version 4-1.1.1, consider disabling the use of passive mode until a patch is available. Restrict access to untrusted FTP servers to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0600

Produtos afetados

Kth Kerberos 4 Ftp Client

PT-2002-1648 · Kth · Kth Kerberos 4 Ftp Client

CVE-2002-0600

Identificadores relacionados

Produtos afetados

Referências · 4