CVE-2014-5211 – Attachmate Reflection FTP Client Stack Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-5211

Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. Desbordamiento de buffer basado en pila en el cliente FTP Attachmate Reflection anterior a 14.1.433 permite a servidores FTP remotos ejecutar código arbitrario a través de una respuesta PWD grande. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection FTP client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw manifests while parsing the response to a PWD command. The client copies part of the response to a fixed-length stack buffer. • http://secunia.com/advisories/62467 http://support.attachmate.com/techdocs/1708.html http://support.attachmate.com/techdocs/2288.html http://support.attachmate.com/techdocs/2501.html http://support.attachmate.com/techdocs/2502.html http://www.zerodayinitiative.com/advisories/ZDI-15-008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •