source: https://www.securityfocus.com/bid/2901/info

Cerberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems.

There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields (username, password) are filled with an excessive number of characters (300+), the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality.

It has also been reported that entering an excessive number of characters in just the password field will achieve the same result.

Because the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host.

This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts.
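
The class of fix for the flaw described above, as an added illustration that is not taken from Cerberus FTP Server or from the original advisory: a login-line parser that validates the USER/PASS field length before copying it. The function name, return codes and the 128-byte limit are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define LOGIN_ARG_MAX 128 /* assumed policy limit for a username or password */

enum login_rc { LOGIN_OK, LOGIN_NOT_LOGIN_CMD, LOGIN_TOO_LONG, LOGIN_MALFORMED };

/* Case-insensitive match of a 4-letter FTP verb followed by a space. */
static int verb_is(const char *line, const char *verb)
{
    for (int i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;
    return line[4] == ' ';
}

/* Parse one control-channel line ("USER name\r\n" or "PASS secret\r\n").
 * line/len are the raw received bytes (not NUL-terminated); arg/arg_cap are
 * the destination buffer and its size. Length is validated BEFORE copying,
 * so an oversized field is refused instead of overrunning arg. */
enum login_rc parse_login_line(const char *line, size_t len,
                               char *arg, size_t arg_cap, int *is_pass)
{
    if (!line || !arg || !is_pass || arg_cap == 0)
        return LOGIN_MALFORMED;
    arg[0] = '\0';

    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                              /* strip CRLF / bare LF */
    if (len < 5)
        return LOGIN_NOT_LOGIN_CMD;

    if (verb_is(line, "USER"))      *is_pass = 0;
    else if (verb_is(line, "PASS")) *is_pass = 1;
    else return LOGIN_NOT_LOGIN_CMD;

    const char *val = line + 5;
    size_t val_len = len - 5;
    if (memchr(val, '\0', val_len))         /* embedded NUL would truncate */
        return LOGIN_MALFORMED;
    if (val_len > LOGIN_ARG_MAX || val_len >= arg_cap)
        return LOGIN_TOO_LONG;              /* caller sends an error reply, drops the line */

    memcpy(arg, val, val_len);
    arg[val_len] = '\0';
    return LOGIN_OK;
}
```

Because the check runs on the pre-authentication path, the receive loop feeding this parser also needs its own cap on line length; otherwise the overflow simply moves one layer up.
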
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20946.exe