Title: 4D WebSTAR FTP Remote Long Password Buffer Overrun Vulnerability
Severity: HIGH
Description:
4D WebSTAR FTP is an FTP server available for the MacOS X operating system.
A buffer overrun has been reported for 4D WebSTAR FTP. The problem is said to occur due to insufficient bounds checking when handling excessive data as the user-supplied password. An attacker could trigger this condition by supplying excessive data to the FTP PASS command.
As a result of this vulnerability, an attacker may be capable of corrupting sensitive stack memory in such a way that the execution flow of the WebSTAR process can be controlled. This could ultimately allow for the execution of arbitrary code with the privileges of the FTP service, typically the 'webstar' user.
Affected Products:
- 4D WebSTAR 5.2.0
- 4D WebSTAR 5.2.1
- 4D WebSTAR 5.2.2
- 4D WebSTAR 5.2.3
- 4D WebSTAR 5.2.4
- 4D WebSTAR 5.3.0
- 4D WebSTAR 5.3.1
References:
- 4D Inc.: 4D Inc. Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
