FTP.USER.Command.Overflow

Alias(es)

FTP.Command.USER.Overflow

Release Date

Sep 11, 2006

Severity

high

Impact

Denial of Service.

Description

This indicates an attempt to exploit a buffer overflow vulnerability in some File Transfer Protocol (FTP) servers.

The vulnerability is due to inadequate validation of user input to the "USER" command. A remote attacker can cause a Denial of Service (DoS) on a vulnerable system by sending it a specially crafted FTP command.

Affected Products

Shadow Op Software Dragon Server versions 1.0 and 2.0
BlackMoon FTP Server versions prior to and including 1.5
FTP servers from other vendors are potentially vulnerable as well.

Recommended Actions

Apply the appropriate patches or upgrade the system to the latest non-vulnerable version.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2006-2212
CVE-1999-0256
CVE-2005-3683
CVE-2002-0126
CVE-2000-0479

Reference/s

http://www.securityfocus.com/bid/17835 (BugTraq)
http://www.securityfocus.com/bid/3884 (BugTraq)
http://www.securityfocus.com/bid/15457 (BugTraq)
http://www.securityfocus.com/bid/22944 (BugTraq)
http://www.securityfocus.com/bid/1352 (BugTraq)
http://www.securityfocus.com/bid/48947 (BugTraq)
http://www.securityfocus.com/bid/49427 (BugTraq)

Reference: VID-12923