|Check Point Reference:||CPAI-2006-092|
|Date Published:||20 Jul 2006|
|Last Updated:||15 May 2007|
|Protection Provided by:|
|Who is Vulnerable?||XM Easy Personal FTP Server Version 4.3
CesarFTP version 0.99g|
|Vulnerability Description||XM Easy Personal FTP Server fails to validate user-supplied data. An attacker can exploit this issue to execute arbitrary code on the affected server.
CesarFTP contains a buffer overflow error in the handling of overly long arguments passed to the MKD command. Remote attackers can compromise a vulnerable system or crash an affected application.|
|Vulnerability Details||CesarFTP: The vulnerability is caused by improper checking of the MKD command. By sending an overly long MKD command, a remote attacker could execute arbitrary code on the system or cause the application to crash.
XM Easy Personal FTP Server: The vulnerability is specifically in the authentication functionality. By sending an overly long username, a remote attacker could execute arbitrary code on the system or cause the server to crash.|
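
Both issues above are triggered by an overlong argument on the FTP control channel (the MKD argument for CesarFTP, the username for XM Easy Personal FTP Server), so a length check on those commands is a natural detection point. The following is an added example, not Check Point's protection or code from either vendor; the length limits, the `inspect_ftp_stream` name and the sample traffic are assumptions made for illustration.

```python
# Added example: flags overlong USER / MKD arguments on an FTP control channel.
# The length limits are assumed policy values, not figures from the advisory.
ARG_LIMITS = {"USER": 64, "MKD": 255, "XMKD": 255}  # XMKD: RFC 775 alias of MKD
MAX_LINE = 512  # assumed cap on any single control-channel line


def inspect_ftp_stream(data: bytes, limits=ARG_LIMITS, max_line=MAX_LINE):
    """Return a list of (line_no, command, arg_len, reason) findings."""
    findings = []
    # FTP commands are CRLF-terminated; tolerate bare LF from sloppy clients.
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # trailing terminator, not an empty command
    for line_no, raw in enumerate(lines, start=1):
        verb, _, arg = raw.partition(b" ")
        # Command verbs are case-insensitive, so normalise before lookup.
        command = verb.decode("ascii", errors="replace").upper()
        limit = limits.get(command)
        if limit is not None and len(arg) > limit:
            findings.append((line_no, command, len(arg), "argument exceeds limit"))
        elif len(raw) > max_line:
            # Catch-all for any other command carrying an oversized line.
            findings.append((line_no, command[:16], len(arg), "line exceeds cap"))
    return findings


# Constructed sample traffic (not captured from a real session).
SAMPLE = (
    b"USER alice\r\n"
    b"PASS example\r\n"
    b"MKD reports\r\n"
    b"mkd " + b"A" * 300 + b"\r\n"
    b"USER " + b"B" * 100 + b"\r\n"
)

if __name__ == "__main__":
    for finding in inspect_ftp_stream(SAMPLE):
        print(finding)
```

The same check applies to a final line that arrives without its terminator, since the oversized argument is already present before the CRLF.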