VULHUB ™

bftpd is a free implementation of an ftp daemon designed to run on multiple architectures and versions of UNIX. A buffer overflow exists in the daemon that could create potential problems. bftpd contains a buffer overflow in the USER command, in which an input of greater than 35 characters will result in a segmentation fault. It is reported that bftpd program design prevents an elevation of priviledges by means of character filtering. However, it is possible for a malicious user to crash their own session by means of invalid input.

bftpd is a free implementation of an ftp daemon designed to run on multiple architectures and versions of UNIX. A buffer overflow exists in the daemon that could create potential problems. bftpd contains a buffer overflow in the USER command, in which an input of greater than 35 characters will result in a segmentation fault. It is reported that bftpd program design prevents an elevation of priviledges by means of character filtering. However, it is possible for a malicious user to crash their own session by means of invalid input.