PT-2011-1481 · Novell · Nwftpd.Nlm
Francis Provencher
·
Published
2011-03-18
·
Updated
2017-08-17
·
CVE-2010-4228
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Novell NetWare NWFTPD.NLM versions prior to 5.10.02
Description
The issue is a stack-based buffer overflow in the FTP server that allows remote authenticated users to execute arbitrary code or cause a denial of service via a long DELE command.
Recommendations
For versions prior to 5.10.02, update to version 5.10.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the DELE command in the FTP server until a patch is available.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nwftpd.Nlm