PT-2011-5167 · Attachmate · Rftpcom.Dll+5
Francis Provencher · Published 2011-12-25 · Updated 2017-08-29 · CVE-2011-5012
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Attachmate Reflection 2008
Reflection 2011 R1 versions prior to 15.3.2.569
Reflection 2011 R1 SP1 versions prior to the latest update
Reflection 2011 R2 versions prior to 15.4.1.327
Reflection Windows Client 7.2 SP1 versions prior to hotfix 7.2.1186
Reflection 14.1 SP1 versions prior to 14.1.1.206
rftpcom.dll version 7.2.0.106
Description
A heap-based buffer overflow allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
Recommendations
For Attachmate Reflection 2008, update to a newer version to mitigate the risk.
For Reflection 2011 R1, update to version 15.3.2.569 or later.
For Reflection 2011 R1 SP1, apply the latest update.
For Reflection 2011 R2, update to version 15.4.1.327 or later.
For Reflection Windows Client 7.2 SP1, apply hotfix 7.2.1186 or later.
For Reflection 14.1 SP1, update to version 14.1.1.206 or later.
For rftpcom.dll version 7.2.0.106, consider updating the library to a newer version.
Exploit
Fix
Buffer Overflow
Affected Products
Attachmate Reflection 2008
Reflection 14.1 SP1
Reflection 2011 R1
Reflection 2011 R2
Reflection Windows Client 7.2 SP1
rftpcom.dll