source: http://www.securityfocus.com/bid/2901/info

Cerberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems.

There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user attempts to authenticate. If the login fields (username, password) are filled with an excessive number of characters (300+), the affected service will crash. The FTP Server software must then be restarted to regain normal functionality.

It has also been reported that entering an excessive number of characters in just the password field will achieve the same result.

Because the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host.

This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20946.exe
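The class of bug described above is avoided by checking the length of the USER/PASS argument before it is copied anywhere. The following is an added example, not Cerberus FTP Server code: `ftp_parse_line`, `FTP_ARG_MAX` and the reply codes chosen are assumptions for illustration, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_ARG_MAX 128 /* assumed limit for this example, not a Cerberus value */

enum ftp_parse { FTP_OK = 0, FTP_BAD_SYNTAX = 500, FTP_TOO_LONG = 501 };

/* Parse one control-channel line such as "USER alice\r\n".
 * len is the number of bytes actually received, so the parser never
 * relies on a terminating NUL. arg is written only if the argument fits. */
enum ftp_parse ftp_parse_line(const char *line, size_t len,
                              char verb[5], char arg[FTP_ARG_MAX + 1])
{
    /* Drop the trailing CR/LF. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;
    /* An embedded NUL would make later string functions see a shorter line. */
    if (memchr(line, '\0', len) != NULL)
        return FTP_BAD_SYNTAX;

    const char *sp = memchr(line, ' ', len);
    size_t vlen = sp ? (size_t)(sp - line) : len;
    if (vlen < 3 || vlen > 4)          /* FTP verbs are 3 or 4 characters */
        return FTP_BAD_SYNTAX;

    size_t alen = sp ? len - vlen - 1 : 0;
    if (alen > FTP_ARG_MAX)            /* the check the advisory implies is missing */
        return FTP_TOO_LONG;

    memcpy(verb, line, vlen);
    verb[vlen] = '\0';
    if (alen > 0)
        memcpy(arg, sp + 1, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[5], arg[FTP_ARG_MAX + 1];
    char big[5 + 300 + 2];             /* constructed: "PASS " + 300 bytes + CRLF */
    memcpy(big, "PASS ", 5);
    memset(big + 5, 'A', 300);
    memcpy(big + 305, "\r\n", 2);
    printf("short login line -> %d\n", ftp_parse_line("USER alice\r\n", 12, verb, arg));
    printf("300-byte password -> %d\n", ftp_parse_line(big, sizeof big, verb, arg));
    return 0;
}
```

The caller must also read the line from the socket into a fixed-size buffer with a bounded read and pass the received byte count as `len`.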