CVE-2009-3364
Published 2009-09-24
CVE-2009-3364: Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
Priority P3 52 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 5.45% (91.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ftpshell | ftpshell | — | — |
| ftpshell | ftpshell_client | — | — |
GHSA
GHSA-v9q9-9c5j-v225: An issue was discovered in FTPShell Client 6
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2018-7573 [CRITICAL] CWE-119 GHSA-v9q9-9c5j-v225: An issue was discovered in FTPShell Client 6
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
GHSA
GHSA-r79x-qr5q-j845: Stack-based buffer overflow in FTPShell Client 4
ghsa_unreviewed·2022-05-02
CVE-2009-3364 [HIGH] CWE-119 GHSA-r79x-qr5q-j845: Stack-based buffer overflow in FTPShell Client 4
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
http://secunia.com/advisories/36628
http://www.exploit-db.com/exploits/9613
http://www.osvdb.org/57899
http://www.securityfocus.com/bid/36327
http://www.vupen.com/english/advisories/2009/2604
https://exchange.xforce.ibmcloud.com/vulnerabilities/53126
Published: 2009-09-24