FTP.USER.Command.Overflow

Last Updated Date: Sep 24, 2009
Release Date: Sep 11, 2006
Severity: High
Impact: Denial of Service.
Description: This indicates an attempt to exploit a buffer overflow vulnerability in some File Transfer Protocol (FTP) servers.

The vulnerability is due to inadequate user input validation of the "USER" command. A remote attacker can cause Denial of Service (DoS) on a vulnerable system by sending it a specially crafted FTP command.
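
As an added example (not code from this advisory or from any affected product), the C function below shows the kind of "USER" argument validation whose absence the description refers to: the length is checked against the destination buffer before any copy. The function name, the 64-byte limit and the choice of reply codes are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_USER_LEN 64  /* assumed limit for this example, not from the advisory */

/* Hypothetical helper: validate one FTP control-channel line and extract the
 * USER argument. Returns the FTP reply code the server should send:
 * 331 = user name accepted, 500 = not a well-formed USER line,
 * 501 = USER argument rejected. */
int parse_user_command(const char *line, size_t len, char *user, size_t user_sz)
{
    size_t i, arg_len;

    if (user_sz == 0) return 501;
    user[0] = '\0';

    /* Require the CRLF terminator; work from the received length, not strlen(). */
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n') return 500;
    len -= 2;

    /* The command verb is case-insensitive and followed by one space. */
    if (len < 5 || line[4] != ' ') return 500;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != "USER"[i]) return 500;

    /* Reject empty or oversized arguments before any copy takes place. */
    arg_len = len - 5;
    if (arg_len == 0 || arg_len > MAX_USER_LEN || arg_len >= user_sz) return 501;

    /* Reject NUL and control bytes so later string code sees what was checked. */
    for (i = 0; i < arg_len; i++)
        if (iscntrl((unsigned char)line[5 + i])) return 501;

    memcpy(user, line + 5, arg_len);
    user[arg_len] = '\0';
    return 331;
}
```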
Affected Products:
Shadow Op Software Dragon Server versions 1.0 and 2.0
BlackMoon FTP Server versions prior to and including 1.5
FTP servers from other vendors are potentially vulnerable as well.
Recommended Actions: Apply the appropriate patches or upgrade the system to the latest non-vulnerable version.
Common Vulnerabilities and Exposures (CVE):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2212
Reference/s:
http://www.securityfocus.com/bid/1352 (BugTraq)
http://www.securityfocus.com/bid/15457 (BugTraq)
http://www.securityfocus.com/bid/17835 (BugTraq)
http://www.securityfocus.com/bid/3884 (BugTraq)
Reference: VID-12923