PT-2003-2264 · Smartftp · Smartftp
Publicado
2003-12-31
·
Atualizado
2017-07-29
·
CVE-2003-1319
CVSS v2.0
7.6
Alta
| Vetor | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SmartFTP versions 1.0.973 through 1.0.975
Description
The issue is caused by multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via a long response to a PWD command, which triggers a stack-based overflow, or a long line in a response to a file LIST command, which triggers a heap-based overflow.
Recommendations
For SmartFTP versions 1.0.973 through 1.0.975, update to version 1.0.976 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Smartftp