PT-2005-4440 · Freeftpd · Freeftpd
Barabas · Published 2005-11-19 · Updated 2017-07-11 · CVE-2005-3684
CVSS v2.0: 7.5 High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
freeFTPd version 1.0.8
Description
Buffer overflows in freeFTPd can be triggered by remote authenticated attackers sending long MKD and DELE commands. The result is a denial of service (the application crashes) and, potentially, execution of arbitrary code.
Recommendations
For freeFTPd version 1.0.8, consider disabling the MKD and DELE commands as a temporary workaround until a patch is available. Restrict access to these commands to minimize the risk of exploitation.
Affected Products
Freeftpd