CVE-2005-3524

Name of the Vulnerable Software and Affected Versions linux-ftpd-ssl version 0.17

Description The issue concerns a buffer overflow in the SSL-ready version of linux-ftpd, which allows remote attackers to execute arbitrary code. This can be achieved by creating a long directory name and then executing the XPWD command. Additionally, multiple vulnerabilities in the ftpd-ssl package may lead to breaches in confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For linux-ftpd-ssl version 0.17, consider disabling the XPWD command as a temporary workaround until a patch is available. Restrict access to the ftpd-ssl package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.