ID CVE-2006-4318
Summary Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
References
Vulnerable Configurations
  • cpe:2.3:a:texas_imperial_software:wftpd:3.23:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.23:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 19617
exploit-db 2233
misc http://packetstormsecurity.org/0608-exploits/wftpd_exp.c
osvdb 28134
sectrack 1016723
secunia 21547
vupen ADV-2006-3357
xf wftpd-size-bo(28523)
statements via4
contributor Texas Imperial Software
lastmodified 2011-01-07
organization Texas Imperial Software
statement Texas Imperial Software has tested this issue against current versions of WFTPD and WFTPD Pro, and finds that versions after 3.23 are not vulnerable. Users of WFTPD or WFTPD Pro should update to the most current version in order to address this issue. The update is free to fully registered users unregistered users can download a fresh copy of the shareware version of the application.
Last major update 19-10-2017 - 01:29
Published 24-08-2006 - 01:04
Last modified 19-10-2017 - 01:29
Back to Top