1 results (0.002 seconds)

CVSS: 10.0EPSS: 26%CPEs: 40EXPL: 0

Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command. El desbordamiento de búfer en la región stack de la memoria en NWFTPD.nlm anterior a versión 5.10.01 en el servidor FTP en Novell NetWare versiones 5.1 hasta 6.5 SP8, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un comando largo (1) MKD, (2) RMD, (3) RNFR o (4) DELE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code. • http://secunia.com/advisories/39151 http://securitytracker.com/id?1023768 http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12 http://www.securityfocus.com/archive/1/510353/100/0/threaded http://www.securityfocus.com/archive/1/510557/100/0/threaded http://www.securityfocus.com/bid/39041 http://www.vupen.com/english/advisories/2010/0742 http://www.zerodayinitiative.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •