ID CVE-2004-1626
Summary Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
References
Vulnerable Configurations
  • cpe:2.3:a:code-crafters:ability_server:2.2.5
    cpe:2.3:a:code-crafters:ability_server:2.2.5
  • cpe:2.3:a:code-crafters:ability_server:2.3.2
    cpe:2.3:a:code-crafters:ability_server:2.3.2
  • cpe:2.3:a:code-crafters:ability_server:2.3.4
    cpe:2.3:a:code-crafters:ability_server:2.3.4
CVSS
Base: 5.0 (as of 01-06-2005 - 10:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
  • description Ability Server 2.34 FTP STOR Buffer Overflow Exploit (Unix Exploit). CVE-2004-1626. Remote exploit for windows platform
    id EDB-ID:618
    last seen 2016-01-31
    modified 2004-11-07
    published 2004-11-07
    reporter NoPh0BiA
    source https://www.exploit-db.com/download/618/
    title Ability Server 2.34 - FTP STOR Buffer Overflow Exploit Unix Exploit
  • description Ability Server 2.34 FTP STOR Buffer Overflow. CVE-2004-1626. Remote exploit for windows platform
    id EDB-ID:588
    last seen 2016-01-31
    modified 2004-10-21
    published 2004-10-21
    reporter muts
    source https://www.exploit-db.com/download/588/
    title Ability Server 2.34 - FTP STOR Buffer Overflow
metasploit via4
description This module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing 'STOR' and 'APPE' commands, which leads to a stack based buffer overflow. This plugin uses the 'STOR' command. The vulnerability has been confirmed on version 2.34 and has also been reported in version 2.25 and 2.32. Other versions may also be affected.
id MSF:EXPLOIT/WINDOWS/FTP/ABILITY_SERVER_STOR
last seen 2019-01-14
modified 2017-07-24
published 2011-12-07
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/ability_server_stor.rb
title Ability Server 2.34 STOR Command Stack Buffer Overflow
nessus via4
NASL family FTP
NASL id ABILITY_FTP_OVERFLOW.NASL
description The remote host is running Ability FTP Server. It is reported that the remote version of this software is prone to a remote buffer overflow attack via the 'STOR' and 'APPE' commands. An attacker, exploiting this flaw, would only need to be able to craft and send a query to the FTP server on its service port (usually 21).
last seen 2019-02-21
modified 2018-11-15
plugin id 15628
published 2004-11-04
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15628
title Ability FTP Server Multiple Command Remote Buffer Overflows
refmap via4
bid 11508
bugtraq 20041022 Ability FTP Server 2.34 Buffer Overflow Exploit
cert-vn VU#857846
osvdb 11030
secunia 12941
xf abilityftpserver-stor-dos(17823)
Last major update 17-10-2016 - 22:57
Published 22-10-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top