CVE-2005-2373

Name of the Vulnerable Software and Affected Versions SlimFTPd versions 3.15 through 3.16

Description The issue allows remote authenticated users to execute arbitrary code via a long directory name to certain commands. This can be achieved by sending a long directory name to the (1) LIST, (2) DELE or (3) RNFR commands.

Recommendations For SlimFTPd versions 3.15 through 3.16, consider restricting access to the LIST, DELE, and RNFR commands until a patch is available. As a temporary workaround, limit the length of directory names that can be processed by these commands to prevent buffer overflow exploitation.