OSVDB ID: 20530

Title: Linux-ftpd-ssl FTP Server Response Remote Overflow

Dates

Disclosure: Nov 04, 2005
Discovery: Unknown
Exploit: Nov 04, 2005
Solution: Unknown

Description

A remote overflow exists in linux-ftpd-ssl. The SSL code fails to validate input to the vsprintf() function, resulting in a stack-based buffer overflow. With a specially crafted request that generates more than 2048 bytes of response from the server, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.
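The class of fix for the unbounded vsprintf() call described above, as an added example; it is not linux-ftpd-ssl's code and not the unofficial patch mentioned below. The names format_reply and REPLY_MAX and the fallback reply text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 2048  /* assumed fixed reply buffer, per the 2048-byte figure above */

/*
 * Unsafe pattern of the kind the description names (comment only):
 *     char buf[REPLY_MAX];
 *     vsprintf(buf, fmt, ap);    -- no bound: long output runs past buf
 *
 * Hardened form: vsnprintf() writes at most outsz bytes and returns the
 * length the full output would have had, so truncation is detectable.
 * Returns the reply length, or -1 if the reply did not fit; out then
 * holds a short fixed error reply (hypothetical text), not a cut-off line.
 */
int format_reply(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outsz == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= outsz) {
        /* Encoding error or truncation: do not send a partial reply. */
        snprintf(out, outsz, "500 Reply too long.\r\n");
        return -1;
    }
    return n;
}

/* Constructed check: format a 3000-byte argument into a 2048-byte buffer
 * followed by a guard region; returns 1 if the guard stays untouched. */
int oversized_reply_is_contained(void)
{
    struct { char buf[REPLY_MAX]; char guard[16]; } s;
    char big[3001];

    memset(s.guard, 0x5A, sizeof s.guard);
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    if (format_reply(s.buf, sizeof s.buf, "200 %s\r\n", big) != -1)
        return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return strcmp(s.buf, "500 Reply too long.\r\n") == 0;
}
```

Checking the return value matters as much as the bound: a caller that ignores truncation still sends a malformed reply, just not an overflowing one.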

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, James Longstreet has released an unofficial patch to address this vulnerability.

Products

Vendor: Christoph Martin
Product: linux-ftpd-ssl
Version: 0.17

References

Credit

  • kcope - kingcopegmx.net


Direct URL: http://osvdb.org/20530