J-Security Center

Title: FTP Desktop Banner Parsing Buffer Overflow Vulnerability

Severity: HIGH

Description:

FTP Desktop is an application that allows a user to access FTP sites as if they were folders on the local system.

A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop parses the 'Welcome' banner (reply code 220) sent by a remote FTP server. A banner exceeding a certain length triggers the overflow condition.

If a malicious FTP server sends a banner longer than approximately 237 bytes, an internal buffer in the client is overrun, and adjacent regions of memory are corrupted with data supplied by the malicious server. This could allow execution of malicious code in the context of the affected FTP client.

It should be noted that although this vulnerability has been reported to affect FTP Desktop version 3.5, other versions might also be affected.
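
A client-side length check for the 220 banner described above, as an added example that is not FTP Desktop's code and not part of the original advisory. The 237-byte buffer size is an assumption taken from the advisory's approximate figure, and `parse_banner`, `check_constructed_banner` and the status codes are hypothetical names; the banners are constructed test input.

```c
#include <stdio.h>
#include <string.h>

/* Assumed destination size, taken from the advisory's "approximately 237 bytes". */
#define BANNER_MAX 237

enum { BANNER_OK = 0, BANNER_NOT_220 = -1, BANNER_TOO_LONG = -2, BANNER_BAD_ARG = -3 };

/* Copy the text of one "220" reply line into out (capacity out_sz).
 * line/len is raw server data and need not be NUL-terminated. */
int parse_banner(const char *line, size_t len, char *out, size_t out_sz)
{
    if (!line || !out || out_sz == 0) return BANNER_BAD_ARG;
    out[0] = '\0';
    /* Accept "220 " (final line) or "220-" (multi-line continuation). */
    if (len < 4 || memcmp(line, "220", 3) != 0 || (line[3] != ' ' && line[3] != '-'))
        return BANNER_NOT_220;
    size_t end = len;
    while (end > 4 && (line[end - 1] == '\r' || line[end - 1] == '\n'))
        end--;                               /* drop trailing CRLF */
    size_t text_len = end - 4;
    /* Compare the server-controlled length with the destination capacity
     * before copying; without this check an over-long banner overruns out. */
    if (text_len >= out_sz) return BANNER_TOO_LONG;
    memcpy(out, line + 4, text_len);
    out[text_len] = '\0';
    return BANNER_OK;
}

/* Build a constructed reply "<prefix><text_len x 'A'>\r\n" and parse it. */
int check_constructed_banner(const char *prefix, size_t text_len)
{
    char raw[1024], out[BANNER_MAX];
    if (strlen(prefix) != 4 || text_len + 6 > sizeof raw) return BANNER_BAD_ARG;
    memcpy(raw, prefix, 4);
    memset(raw + 4, 'A', text_len);
    memcpy(raw + 4 + text_len, "\r\n", 2);
    int rc = parse_banner(raw, text_len + 6, out, sizeof out);
    if (rc == BANNER_OK && strlen(out) != text_len) return BANNER_BAD_ARG;
    return rc;
}

int main(void)
{
    printf("20-byte banner:  %d\n", check_constructed_banner("220 ", 20));
    printf("300-byte banner: %d\n", check_constructed_banner("220 ", 300));
    printf("non-220 reply:   %d\n", check_constructed_banner("530 ", 20));
    return 0;
}
```

A rejected banner should end the session or be truncated deliberately by the caller; the function never writes more than `out_sz` bytes in either case.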

Affected Products:

  • FTP Desktop 3.5.0
