Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.
Golden FTP Server Pro Multiple Command Remote Overflow
Remote / Network Access
Denial of Service, Loss of Integrity, Loss of Availability
Golden FTP Server Pro contains a flaw that may allow a remote denial of service. The issue is triggered by sending an overly long NLST or APPE command, which could overflow a buffer and crash the service, resulting in loss of availability.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery is credited to Leon Juranic <email@example.com>.
Golden FTP Server 2.70
Golden FTP Server is prone to a buffer-overflow vulnerability when handling data through the NLST command.
Reportedly, passing excessive data may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of arbitrary code.
Version 2.70 of Golden FTP Server is vulnerable to this issue; other versions may also be affected.
This issue can be triggered by using the Infigo FTPStress Fuzzer.
Currently we are not aware of any vendor-supplied patches for this issue.