PT-2004-1431 · Dream Ftp · Dream Ftp

Published

2004-03-18

Updated

2017-07-11

CVE-2004-0277

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dream FTP version 1.02

Description A format string issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the username.

Recommendations For Dream FTP version 1.02, consider restricting access to the login functionality until a patch is available, and avoid using format string specifiers in the username field to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0277

Affected Products

Dream Ftp

PT-2004-1431 · Dream Ftp · Dream Ftp

CVE-2004-0277

Related Identifiers

Affected Products

References · 7