Check Point Advisories

Preemptive Protection against CesarFTP and XM Easy Personal FTP Server Buffer Overflow Vulnerabilities

Check Point Reference: CPAI-2006-092
Date Published: 20 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: SecurTeam
SecurityFocus
Industry Reference:CVE-2006-2225
CVE-2006-2961
Protection Provided by:
Who is Vulnerable?  XM Easy Personal FTP Server Version 4.3
CesarFTP version 0.99g
Vulnerability Description XM Easy Personal FTP Server fails to validate user-supplied data. Attacker can exploit this issue to execute arbitrary code on the affected server. 

CesarFTP contains a buffer overflow error in the handling of overly long arguments passed to the MKD command. Remote attackers can compromise a vulnerable system or crash an affected application.
Vulnerability DetailsCesarFTP: The vulnerability is caused by improper checking of the MKD command. By sending an overly long MKD command, a remote attacker could execute arbitrary code on the system or cause the application to crash.


XM Easy Personal FTP Server: The vulnerability is specifically in the authentication functionality. By sending an overly long username, a remote attacker could execute arbitrary code on the system or cause the server to crash.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK