Info

Disclosure

Mar 16, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in NWFTPD. The product fails to perform correct boundary checks on the target file of an MDTM command resulting in a buffer overflow. With a specially crafted file path, an attacker can cause denial of service resulting in a loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.

Products

Novell, Inc.

Netware NWFTPD

5.06.05

References

Security Tracker: 1015781
Bugtraq ID: 17137
Secunia Advisory ID: 19265
CVE ID: 2006-1322 (see also: NVD)
SCIP VulDB ID: 2087
ISS X-Force ID: 25289
VUPEN Advisory: ADV-2006-0975
Vendor Specific News/Changelog Entry: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm
Keyword: NOVL41172 TID2973435

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/23949