Info

Disclosure

Oct 22, 2004

Discovery

Unknown

Dates

Exploit

Oct 22, 2004

Solution

Unknown

Description

A remote overflow exists in Ability Server. The FTP 'STOR' command fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long argument to the 'STOR' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Code-Crafters Software LLP

Ability Server

2.34

References

Security Tracker: 1011858
Secunia Advisory ID: 12941
CVE ID: 2004-1626 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0244.html
Vendor URL: http://www.code-crafters.com/abilityserver/index.html
Generic Exploit URL: http://www.k-otik.com/exploits/20041021.ability-2.34-ftp-stor.py.php

Credit

Jérôme - jerome.athiascaramail.com -

Direct URL: http://osvdb.org/36218