PT-2025-34307 · Uplusftp+1

Published: 2025-08-21 · Updated: 2025-08-22 · CVE-2010-20113

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: EasyFTP Server versions 1.7.0.11 and earlier
Description: EasyFTP Server versions 1.7.0.11 and earlier contain a stack-based buffer overflow in the HTTP interface. When processing a GET request to list.html, the server does not validate the length of the path parameter. Providing an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The product was renamed to UplusFtp in version 1.7.0.12.
Recommendations: Upgrade to EasyFTP Server version 1.7.0.12 or later.
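
For hosts that cannot be upgraded immediately, the condition in the description (a GET to list.html with an overlong path parameter) can be hunted for in HTTP logs. The following is an added example, not part of the original advisory or the vendor's code; the Common Log Format input, the 256-byte limit and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumption: the advisory gives no buffer size; this limit is a tunable
# placeholder chosen for the example, not a value from the product.
MAX_PATH_PARAM_BYTES = 256

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def path_param_length(target):
    # Decoded byte length of the longest `path` parameter sent to list.html,
    # or None if the target is another page or has no `path` parameter.
    # Assumes the server percent-decodes before copying; compare the raw
    # length instead if that is unknown (it is never smaller).
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/list.html"):
        return None
    lengths = []
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "path":
            lengths.append(len(unquote_to_bytes(value.replace("+", " "))))
    return max(lengths) if lengths else None

def flag_suspicious(log_lines, limit=MAX_PATH_PARAM_BYTES):
    # Return (client, length) for every GET list.html request over the limit.
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        n = path_param_length(m.group("target"))
        if n is not None and n > limit:
            hits.append((line.split()[0], n))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2025:10:00:01 +0000] "GET /list.html?path=/pub/docs HTTP/1.1" 200 512',
    '192.0.2.44 - - [21/Aug/2025:10:00:07 +0000] "GET /list.html?path=' + "A" * 600 + ' HTTP/1.1" 200 0',
    '192.0.2.44 - - [21/Aug/2025:10:00:09 +0000] "GET /list.html?path=' + "%41" * 300 + ' HTTP/1.0" 200 0',
    '192.0.2.77 - - [21/Aug/2025:10:00:12 +0000] "GET /index.html?path=' + "B" * 600 + ' HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, n in flag_suspicious(SAMPLE_LOG):
        print(f"{client}: list.html path parameter of {n} bytes")
```

The same length check can be expressed as a rule on a reverse proxy or IDS placed in front of the embedded web server, since the vulnerable request needs no authentication.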

Exploit · Fix · Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2010-20113

Affected Products: Easyftp Server, Uplusftp