Marbry Software FTPServer/X has been reported prone to a buffer overflow vulnerability when processing server responses of excessive length. The issue is likely due to insufficient bounds checking when wsprintf() copies attacker-supplied data into an internal memory buffer. Under normal circumstances, the data in this buffer is transmitted to the remote user as part of an FTP server status response message. A remote attacker may exploit this condition to trigger a persistent denial of service; code execution may also be possible. Any software that implements the Marbry Software FTPServer/X control is likely affected by this vulnerability. This control has been confirmed to be in use by Mollensoft (Hyperion) FTP Server. This issue is related to BID 7307 and possibly BID 6345.
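The class of defect described above arises because wsprintf() takes no destination size. The following added example (not vendor code, and not from the original advisory) shows a bounded way to build an FTP status response, using snprintf() as a portable stand-in; the buffer size, function name and reply texts are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 512  /* assumed size of the status-response buffer */

/* Fixed reply sent when the formatted text would not fit (constructed). */
static const char REPLY_TOO_LONG[] = "501 Argument too long.\r\n";

/*
 * Format a status reply that echoes a client-supplied argument into out.
 * Returns the reply length, or -1 after writing the fixed fallback reply
 * when the argument would not fit. Never writes more than outsz bytes.
 */
int build_reply(char *out, size_t outsz, int code, const char *arg)
{
    int n;

    if (out == NULL || outsz < sizeof(REPLY_TOO_LONG))
        return -1;                       /* cannot even hold the fallback */
    if (arg == NULL)
        arg = "";

    /* snprintf() stops at outsz and returns the length the full string
     * would have had, so truncation is detectable from the return value. */
    n = snprintf(out, outsz, "%d \"%s\" is the current directory.\r\n",
                 code, arg);
    if (n < 0 || (size_t)n >= outsz) {
        /* A truncated line would lack its CRLF terminator: replace it. */
        memcpy(out, REPLY_TOO_LONG, sizeof(REPLY_TOO_LONG));
        return -1;
    }
    return n;
}

int main(void)
{
    char reply[REPLY_MAX];
    char long_arg[2048];                 /* constructed oversized input */
    int n;

    memset(long_arg, 'A', sizeof(long_arg) - 1);
    long_arg[sizeof(long_arg) - 1] = '\0';

    n = build_reply(reply, sizeof(reply), 257, "/pub");
    printf("%d: %s", n, reply);
    n = build_reply(reply, sizeof(reply), 257, long_arg);
    printf("%d: %s", n, reply);
    return 0;
}
```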