Info

Disclosure

Jul 31, 2006

Discovery

Jul 28, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

The vulnerability is caused due to a boundary error in the processing of the "PASS" command. This can be exploited to cause a stack-based buffer overflow by supplying an overly long argument (more than 2571 bytes).

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public, Exploit Commercial

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

EFS Software, Inc.

Easy File Sharing FTP Server

2.0

References

CVE ID: 2006-3952 (see also: NVD)
Secunia Advisory ID: 21289
Milw0rm: 2234 3579
Exploit Database: 2234 3579
Metasploit ID: 27646
Generic Exploit URL: http://immunitysec.com
Vendor URL: http://www.efssoft.com/

Credit

h07 - h07interia.pl -

Direct URL: http://osvdb.org/27646