|
NetTerm NetFtpd "USER" Command Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA15140
|
|
|
Release Date:
|
2005-04-27
|
|
Last Update:
|
2005-05-02
|
|
Popularity:
|
5,740 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | NetTerm 4.x
NetTerm 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-1323
|
|
Description:
Sergio Alvarez has reported a vulnerability in NetTerm, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the NetFtpd program and can be exploited to cause a buffer overflow by passing an overly long argument to the "USER" FTP command when logging in.
Successful exploitation allows execution of arbitrary code.
An exploit is publicly available.
NOTE: This vulnerability has been rated as a "From local network" issue, since the vendor recommends customers to only use the NetFtpd program behind a firewall in a controlled environment and not as a general purpose FTP server.
Solution:
The vendor has removed NetFtpd in NetTerm 5.1.1.1 and later.
Don't use the NetFtpd program.
Provided and/or discovered by:
Sergio Alvarez
Changelog:
2005-05-02: Added CVE reference.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
