PT-2005-2643 · Orenosv · Orenosv Http/Ftp Server

Published 2005-05-18 · Updated 2017-07-11 · CVE-2005-1666

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Orenosv HTTP/FTP Server version 0.8.1

Description

Orenosv HTTP/FTP Server contains multiple buffer overflows that can be triggered by remote authenticated users. They can cause a denial of service by crashing the server and potentially allow the execution of arbitrary code. The overflows occur when handling long arguments to certain FTP commands, such as MKD, RMD, or DELE, which are processed by the functions ftp_xlate_path, ftp_is_canonical, or os_fn_nativize. A long SSI command processed by the parse_cmd function in cgissi.exe can also trigger the issue.

Recommendations

For Orenosv HTTP/FTP Server version 0.8.1, consider disabling the FTP commands MKD, RMD, and DELE, as well as restricting the use of SSI commands, until a patch is available. Avoid using long arguments with these commands to minimize the risk of exploitation.


Related Identifiers

CVE-2005-1666

Affected Products

Orenosv Http/Ftp Server