Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability

Mar 17, 2004 11:35PM PST

Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
GlobalSCAPE Secure FTP Server 2.x

DESCRIPTION:
STORM has reported a vulnerability in GlobalSCAPE Secure FTP Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

The vulnerability is caused due to an out-of-bounds write error
within the handling of arguments passed to "SITE" commands. This can
be exploited to crash the FTP server by supplying an overly long
argument (about 252 bytes) to a "SITE" command.

The vulnerability has been reported in version 2.0 Build
03.11.2004.2. Other versions may also be affected.

SOLUTION:
Update to version 2.0 Build 03.16.2004.1 or later.

http://secunia.com/advisories/11159/

Discussion is locked