Title: EFTP Buffer Overflow Vulnerability
Severity: HIGH
Description:
EFTP is a freeware ftp client and server package that offers encrypted and normal file transfer functionality written by Khamil Landross. If the server recieves a request containing more than 2100 characters, it will crash due to sensitive memory areas being overwritten by the extraneous data. The server will then, in most cases, crash. It may be possible to execute arbitrary code on the server running eftp if a request is carefully crafted to do so.
Affected Products:
- Khamil Landross and Zack Jones EFTP 2.0.4.281
References:
- Beyond Security Ltd.: SecuriTeam Homepage
- Khamil Landross: Eftp Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
