Vermillion FTPD is prone to an overflow condition. The server fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted PORT command, a remote attacker can potentially cause arbitrary code execution.
Classification
Location:
Remote / Network Access
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Solution:
Solution Unknown
Exploit:
Exploit Public
Disclosure:
Uncoordinated Disclosure
Solution
OSVDB is not aware of a solution for this vulnerability.
We currently have no CVSS2 data on this vulnerability. Feel free to suggest it.
Blogs
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
Its funny to see where my release ends up. Exploit was found and researched by me(X4lt). First published @ http://www.global-evolution.info/news/?p=868
Then dumped by Dz_attacker on exploit-db.com - Next time plz ask the author!!
