Overview
Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code.
Description
Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO (rename to) command is used in conjunction with the RNFR (rename from) command to rename a file on the server. Specifically, RNFR is used to specify the current name of the file, and RNTO is used to specify the new name for the file. If a remote unauthenticated attacker sends a specially crafted rename request (RNFR and RNTO) to a vulnerable Golden FTP server, they may be able to trigger a buffer overflow vulnerability in the routine that handles RNTO commands. Please note that an exploit for this vulnerability is publicly available.
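The following added example, which is not part of the original advisory or the vendor's code, shows one way to flag the rename sequence described above in FTP control-channel logs: RNFR or RNTO sent before login, and rename arguments that are unusually long. The `C:`/`S:` log format, the `inspect_session` name and the 255-byte limit are assumptions.

```python
import re

# Assumption: the advisory gives no buffer size, so this limit is a
# placeholder; set it to the longest path your server legitimately sees.
MAX_ARG_LEN = 255
CMD_RE = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def inspect_session(lines, max_arg_len=MAX_ARG_LEN):
    """Return (line_no, verb, reason) findings for one control-channel session.

    Each line is 'C: <command>' (client) or 'S: <reply>' (server), in order.
    """
    findings = []
    authenticated = False
    prev_verb = None
    for no, raw in enumerate(lines, 1):
        side, _, text = raw.rstrip("\r\n").partition(" ")
        if side == "S:":
            # RFC 959: reply 230 means the user is logged in.
            if text.startswith("230"):
                authenticated = True
            continue
        m = CMD_RE.match(text)
        if side != "C:" or not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2) or ""
        if verb in ("RNFR", "RNTO"):
            if not authenticated:
                findings.append((no, verb, "pre-auth"))
            if len(arg.encode("utf-8")) > max_arg_len:
                findings.append((no, verb, "overlong"))
            # RFC 959: RNTO must directly follow RNFR.
            if verb == "RNTO" and prev_verb != "RNFR":
                findings.append((no, verb, "no-rnfr"))
        prev_verb = verb
    return findings

# Constructed sample sessions (not captured traffic).
SUSPICIOUS = [
    "S: 220 FTP server ready", "C: USER anonymous",
    "S: 331 Password required", "C: RNFR old.txt",
    "S: 350 Ready for destination name", "C: RNTO " + "x" * 600,
]
NORMAL = [
    "S: 220 FTP server ready", "C: USER bob", "S: 331 Password required",
    "C: PASS example", "S: 230 Logged in", "C: RNFR a.txt",
    "S: 350 Ready for destination name", "C: RNTO b.txt", "S: 250 Renamed",
]

if __name__ == "__main__":
    for finding in inspect_session(SUSPICIOUS):
        print(finding)
```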
Impact
A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Golden FTP server.
Solution
Upgrade
Acknowledgements
Thanks to barabas mutsonline for reporting this vulnerability.
This document was written by Lucy Crocker.
Other Information
| CVE IDs: | None |
| Severity Metric: | 17.25 |
| Date Public: | 2005-01-22 |
| Date First Published: | 2005-02-25 |
| Date Last Updated: | 2005-02-25 16:49 UTC |
| Document Revision: | 60 |