Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5166

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-5166
Last Modified 17 Sep 2012 12:00:00
Published 15 Sep 2012 01:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5166

Summary

Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.

Vulnerable Systems

Application

  • Elif Keir Knftp 1.0.0


References

XF - knftpd-multiple-commands-bo(69557)

OSVDB - 75147

EXPLOIT-DB - 18089

EXPLOIT-DB - 17870

EXPLOIT-DB - 17856

EXPLOIT-DB - 17819

SECUNIA - 45907

BUGTRAQ - 20110902 KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow


Last Updated: 27 May 2016 10:57:36