[原文]Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
It is reported that Hummingbird has fixes available for this issue, but it has not been confirmed. Please contact the vendor for further information on obtaining fixes. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Hummingbird Connectivity FTP Service XCWD Command Overflow
Remote / Network Access
Loss of Integrity,
Loss of Availability
A remote overflow exists in Hummingbird Connectivity's FTP server. The product fails to properly validate data passed in via the XCWD command, resulting in a buffer overflow. By sending a pathname of 256-259 characters as the argument to the XCWD command, an attacker can cause the FTP service to crash, resulting in a loss of availability.
Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.