Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ceberus_ftp_server | Grant_averett | 1.0 (including) | 1.0 (including) |
| Ceberus_ftp_server | Grant_averett | 1.1 (including) | 1.1 (including) |
| Ceberus_ftp_server | Grant_averett | 1.01 (including) | 1.01 (including) |
| Ceberus_ftp_server | Grant_averett | 1.2 (including) | 1.2 (including) |
| Ceberus_ftp_server | Grant_averett | 1.3 (including) | 1.3 (including) |
| Ceberus_ftp_server | Grant_averett | 1.5 (including) | 1.5 (including) |
| Ceberus_ftp_server | Grant_averett | 1.22 (including) | 1.22 (including) |
References
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
- http://www.securityfocus.com/archive/1/192655
- http://www.securityfocus.com/bid/2901
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6728
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
- http://www.securityfocus.com/archive/1/192655
- http://www.securityfocus.com/bid/2901
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6728