Check Point Advisories

Preemptive Protection against CesarFTP and XM Easy Personal FTP Server Buffer Overflow Vulnerabilities

Check Point Reference: CPAI-2006-092
Date Published: 20 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: SecurTeam, SecurityFocus
Industry Reference: CVE-2006-2225, CVE-2006-2961
Protection Provided by:
Who is Vulnerable?
XM Easy Personal FTP Server Version 4.3
CesarFTP version 0.99g
Vulnerability Description

XM Easy Personal FTP Server fails to validate user-supplied data. An attacker can exploit this issue to execute arbitrary code on the affected server.

CesarFTP contains a buffer overflow error in the handling of overly long arguments passed to the MKD command. Remote attackers can compromise a vulnerable system or crash an affected application.

Vulnerability Details

CesarFTP: The vulnerability is caused by improper checking of the MKD command. By sending an overly long MKD command, a remote attacker could execute arbitrary code on the system or cause the application to crash.

XM Easy Personal FTP Server: The vulnerability is specifically in the authentication functionality. By sending an overly long username, a remote attacker could execute arbitrary code on the system or cause the server to crash.
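Both issues come down to an FTP command argument (MKD path, USER name) that is longer than the server expects, so a control-channel length check can flag them. The following is an added detection example, not Check Point's protection and not code from the advisory; the length limits, class and function names, and the sample traffic are assumptions made for illustration.

```python
# Added example. Limits are assumed values; the advisory gives no lengths.
LIMITS = {"MKD": 255, "USER": 64}   # assumed max argument bytes per command
MAX_LINE = 512                      # assumed cap for a line with no CRLF yet

def verb_of(data: bytes) -> str:
    """Upper-cased command verb of a (possibly partial) command line."""
    parts = data.split(None, 1)
    return parts[0][:8].upper().decode("ascii", "replace") if parts else ""

class FtpCommandInspector:
    """Reassembles command lines of one FTP control session across TCP segments."""
    def __init__(self, limits=LIMITS, max_line=MAX_LINE):
        self.limits, self.max_line = limits, max_line
        self.buf, self.skipping = b"", False

    def feed(self, segment: bytes):
        """Return alerts as (command, length, reason) tuples."""
        alerts = []
        self.buf += segment
        while True:
            line, sep, rest = self.buf.partition(b"\n")
            if not sep:
                break
            self.buf = rest
            if self.skipping:            # tail of a line already reported
                self.skipping = False
                continue
            parts = line.strip().split(None, 1)
            arg = parts[1] if len(parts) > 1 else b""
            limit = self.limits.get(verb_of(line))
            if limit is not None and len(arg) > limit:
                alerts.append((verb_of(line), len(arg), "argument exceeds limit"))
        if self.skipping:
            self.buf = b""               # still inside the reported line
        elif len(self.buf) > self.max_line:
            # Do not wait for a terminator that may never arrive.
            alerts.append((verb_of(self.buf), len(self.buf), "unterminated oversized line"))
            self.buf, self.skipping = b"", True
        return alerts

def inspect_session(segments):
    """Run one inspector over the client-to-server segments of a session."""
    inspector = FtpCommandInspector()
    return [a for seg in segments for a in inspector.feed(seg)]

# Constructed sample traffic (client-to-server segments), not captured data.
SAMPLE = [b"USER anonymous\r\n", b"mkd " + b"A" * 200,
          b"A" * 200 + b"\r\nPWD\r\n", b"USER " + b"B" * 300 + b"\r\n",
          b"MKD " + b"C" * 600, b"CC\r\nNOOP\r\n"]

if __name__ == "__main__":
    for alert in inspect_session(SAMPLE):
        print(alert)
```

The inspector matches verbs case-insensitively and keeps state between segments, so an argument split across several TCP segments is still measured as one line.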

Protection Overview