• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

moxftp Banner Parsing Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for moxftp. The vulnerability occurs when moxftp is parsing 'Welcome' banner messages from remote FTP servers. When moxftp receives an overly long FTP banner, it will trigger the overflow condition.

An attacker can exploit this vulnerability by enticing a victim moxftp user to connect to a malicious FTP server.

Any attacker-supplied code will be executed on the victim system with the privileges of the moxftp process.

This vulnerability also affects xftp which is based upon moxftp.