CVE-2003-1368
published 2003-12-31CVE-2003-1368: Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP…
PriorityP421medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EXPLOIT
EPSS
4.28%
89.9th percentile
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| electrasoft | 32bit_ftp | — | — |
| electrasoft | ftp_client | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9225-9rrc-77x9: Stack-based buffer overflow in ElectraSoft 32bit FTP 09
ghsa_unreviewed·2022-05-02·CVSS 6.4
CVE-2009-1592 [MEDIUM] CWE-119 GHSA-9225-9rrc-77x9: Stack-based buffer overflow in ElectraSoft 32bit FTP 09
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.
GHSA
GHSA-p8qj-wvcq-4w5f: Buffer overflow in the 32bit FTP client 9
ghsa_unreviewed·2022-04-29
CVE-2003-1368 [MEDIUM] CWE-119 GHSA-p8qj-wvcq-4w5f: Buffer overflow in the 32bit FTP client 9
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
No detection rules found.
Exploit-DB
Electrasoft 32Bit FTP 9.49.1 - Client Long Server Banner Buffer Overflow
exploitdb·2003-02-04
CVE-2003-1368 Electrasoft 32Bit FTP 9.49.1 - Client Long Server Banner Buffer Overflow
Electrasoft 32Bit FTP 9.49.1 - Client Long Server Banner Buffer Overflow
---
source: https://www.securityfocus.com/bid/6764/info
It has been reported that Electrasoft 32Bit FTP client may be prone to a buffer overflow condition. This issue is due to the client not implementing bounds checking on banner data copied into local memory buffers.
It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.
#!/usr/bin/perl
######################################################
#
# Affected systems:
# 32bit FTP Client version p9.49.01
# ByteCatcher FTP Client V1.04b
# Possible many other clients, got this problem to
#
# http://www.infowarfare.dk
#
# Dennis Rand - [email protected]
#
# When
Exploit-DB
CUPS 1.1.x - Negative Length HTTP Header
exploitdb·2002-12-19
CVE-2002-1368 CUPS 1.1.x - Negative Length HTTP Header
CUPS 1.1.x - Negative Length HTTP Header
---
source: https://www.securityfocus.com/bid/6437/info
A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems.
An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with a negative value for some fields. When the cupsd service receives this request, it will crash.
This vulnerability is very similar to the issue described in BID 5033. It may be very likely that this vulnerability may be exploited to execute malicious attacker-supplied code on BSD, and possibly other, platforms.
*** January 05, 2003
There are reports of this vulnerability being actively exploited in the wild. Vulnerable users are advised to update i
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.htmlhttp://www.securityfocus.com/bid/6764https://exchange.xforce.ibmcloud.com/vulnerabilities/11234http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.htmlhttp://www.securityfocus.com/bid/6764https://exchange.xforce.ibmcloud.com/vulnerabilities/11234
2003-12-31
Published