[原文]Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
Discovered by SnakeByte / Eric Sesterhenn <snakebyte@gmx.de>.
-
受影响的程序版本
TransSoft Broker FTP Server 5.0
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows NT 4.0
-
漏洞讨论
Transoft Broker is an FTP server for the Windows platform.
It is possible for FTP users to cause the host to stop responding. Reportedly, this is possible when submitting a CWD command along with numerous '....' character sequences.
-
漏洞利用
No exploit code is required.
-
解决方案
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.