CVE-2007-5184

Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Smbftpd	Smbftpd	0.96 (including)	0.96 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/135.html
https://cwe.mitre.org/data/definitions/67.html

References

http://debork.se/poc/001_smbftpd.c
http://osvdb.org/41385
http://secunia.com/advisories/27014
http://sourceforge.net/project/shownotes.php?release_id=543077
http://www.securityfocus.com/archive/1/481220/100/0/threaded
http://www.securityfocus.com/bid/25871
http://www.vupen.com/english/advisories/2007/3311
https://exchange.xforce.ibmcloud.com/vulnerabilities/36893
https://www.exploit-db.com/exploits/4478
http://debork.se/poc/001_smbftpd.c
http://osvdb.org/41385
http://secunia.com/advisories/27014
http://sourceforge.net/project/shownotes.php?release_id=543077
http://www.securityfocus.com/archive/1/481220/100/0/threaded
http://www.securityfocus.com/bid/25871
http://www.vupen.com/english/advisories/2007/3311
https://exchange.xforce.ibmcloud.com/vulnerabilities/36893
https://www.exploit-db.com/exploits/4478

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5184
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References