Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4572

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4572
Last Modified 07 Mar 2011 10:12:40
Published 15 Oct 2008 04:00:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4572

Summary

GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.

Vulnerable Systems

Application

  • Guildftpd 0.999.14


References

XF - guildftpd-list-bo(45818)

VUPEN - ADV-2008-2794

BID - 31729

MILW0RM - 6738

SREASON - 4422

SECUNIA - 32218


Last Updated: 27 May 2016 10:48:32