Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kth | kth_kerberos | 4_1.1.1 |
| kth | kth_kerberos | 4_1.0.4 |
| luke_mewburn | lukemftp | 1.5 |
| kth | kth_kerberos | 4_1.0.3 |
| kth | kth_kerberos | 4_1.0.2 |
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 7.1 |
| suse | suse_linux | 7.2 |
| suse | suse_linux | 7.3 |
| suse | suse_linux | 6.4 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 7.0 |
| luke_mewburn | lukemftp | * |
Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| luke_mewburn | lukemftp | 1.1 |
| luke_mewburn | lukemftp | 1.5 |
| luke_mewburn | tnftpd | 2003-12-17 |
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| luke_mewburn | tnftp | 2003-08-25 |