Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code.
Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO (rename to) command is used in conjunction with the RNFR (rename from) to rename a file on the server. Specifically, RNFR is used to specify the current name of the file, and RNTO is used to specify the new name for the file. If a remote unauthenticated attacker sends a specially crafted rename request (RNFR and RNTO) to a vulnerable Golden FTP server, they may be able to trigger a buffer overflow vulnerability in the routine that handles RNTO commands.
Please note that an exploit for this vulnerability is publicly available.
A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Golden FTP server.
Thanks to barabas mutsonline for reporting this vulnerability.
|Date First Published:||2005-02-25|
|Date Last Updated:||2005-02-25 16:49 UTC|