PT-2006-1181 · Nico · Nicoftp
K4P0 · Published 2006-01-06 · Updated 2018-10-19 · CVE-2006-0100
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
NicoFTP versions 3.0.1.19 and earlier
Description:
A buffer overflow issue might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. However, since the program executes with the privileges of the invoking user and remote programs do not normally have the ability to create or modify FTP accounts, there may not be a typical attack vector for the issue that crosses privilege boundaries.
Recommendations:
For NicoFTP versions 3.0.1.19 and earlier, consider restricting the length of the string in the "Name of site" field to prevent potential buffer overflow issues. At the moment, there is no information about a newer version that contains a fix for this issue.
Affected products:
Nicoftp