Info

Disclosure

Oct 14, 2008

Discovery

Unknown

Dates

Exploit

Oct 14, 2008

Solution

Unknown

Description

A remote overflow exists in Etype Eserv. The FTP server fails to properly bounds check user input resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Etype Company

Eserv

3.26

References

CVE ID: 2008-4588 (see also: NVD)
Bugtraq ID: 31753
ISS X-Force ID: 45864
Milw0rm: 6752
Exploit Database: 6752
Other Advisory URL: http://securityreason.com/securityalert/4415
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2008-4900.php
Vendor URL: http://www.eserv.ru/eserv/
Packet Storm: http://www.packetstormsecurity.org/filedesc/eserv-overflow.txt.html

Credit

LiquidWorm - liquidwormgmail.com -

Direct URL: http://osvdb.org/49184