CVE-2011-5166 Information
Description
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER (2) PASS (3) REIN (4) QUIT (5) PORT (6) PASV (7) TYPE (8) STRU (9) MODE (10) RETR (11) STOR (12) APPE (13) ALLO (14) REST (15) RNFR (16) RNTO (17) ABOR (18) DELE (19) CWD (20) LIST (21) NLST (22) SITE (23) STST (24) HELP (25) NOOP (26) MKD (27) RMD (28) PWD (29) CDUP (30) STOU (31) SNMT (32) SYST and (33) XPWD commands.
Reference
http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html http://secunia.com/advisories/45907 http://www.exploit-db.com/exploits/17819 http://www.exploit-db.com/exploits/17856 http://www.exploit-db.com/exploits/17870 http://www.exploit-db.com/exploits/18089 http://www.osvdb.org/75147 https://exchange.xforce.ibmcloud.com/vulnerabilities/69557
Share on: