Overview
A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code.
Description
A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this vulnerability by supplying the Ability Server with a specially crafted FTP STOR command. According to reports, Ability Server versions 2.34, 2.25, and 2.32 are vulnerable. However, other versions may also be affected.
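The kind of length and character check whose absence is described above, as an added example that is not Ability Server code. The names `parse_stor` and `STOR_ARG_MAX` and the 256-byte limit are hypothetical, since the server's source and buffer size are not given in this note.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STOR_ARG_MAX 256  /* assumed limit; the real buffer size is not published */

/* Unsafe pattern this class of bug comes from (for contrast, not compiled):
 *     char path[STOR_ARG_MAX];
 *     strcpy(path, line + 5);    // copies until NUL, ignoring sizeof(path)
 */

/* Validate one FTP command line and copy the STOR argument into out.
 * Returns an FTP reply code: 150 = accept, 500 = not a STOR command,
 * 501 = bad or oversized argument. out is NUL-terminated on every path. */
int parse_stor(const char *line, size_t line_len, char *out, size_t out_sz)
{
    static const char verb[] = "STOR ";
    if (out == NULL || out_sz == 0) return 501;
    out[0] = '\0';
    if (line == NULL || line_len < 5) return 500;
    for (size_t i = 0; i < 5; i++)          /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;

    const char *arg = line + 5;
    size_t n = line_len - 5;
    /* Strip the CRLF (or bare LF) that terminates the command. */
    while (n > 0 && (arg[n - 1] == '\n' || arg[n - 1] == '\r')) n--;

    /* Length check comes before any copy; the limit leaves room for the NUL. */
    if (n == 0 || n >= out_sz) return 501;
    /* Reject embedded NUL and control bytes instead of passing them on. */
    for (size_t i = 0; i < n; i++)
        if (iscntrl((unsigned char)arg[i])) return 501;

    memcpy(out, arg, n);
    out[n] = '\0';
    return 150;
}

int main(void)
{
    char path[STOR_ARG_MAX], big[1024];          /* constructed sample inputs */
    const char *ok = "STOR report.txt\r\n";
    memset(big, 'A', sizeof big);
    memcpy(big, "STOR ", 5);
    printf("%d %d\n", parse_stor(ok, strlen(ok), path, sizeof path),
           parse_stor(big, sizeof big, path, sizeof path));
    return 0;
}
```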
Impact
A remote authenticated attacker may be able to execute arbitrary code with the privileges of the Ability Server process or cause a denial-of-service condition.
Solution
We are currently unaware of a practical solution to this problem.
Block or Restrict Access
Upgrade
The Ability Server has been discontinued. Ability Server users are encouraged to upgrade to the Ability FTP Server to correct this issue.
Acknowledgements
This vulnerability was publicly reported in a Security Tracker Advisory. Security Tracker credits K-Otik with providing information regarding this issue.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 12.94 | 
| Date Public: | 2004-10-21 | 
| Date First Published: | 2004-12-22 | 
| Date Last Updated: | 2004-12-22 19:54 UTC | 
| Document Revision: | 70 |