Vulnerability Details CVE-2011-5166
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.332
EPSS Ranking 96.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html
- http://secunia.com/advisories/45907
- http://www.exploit-db.com/exploits/17819
- http://www.exploit-db.com/exploits/17856
- http://www.exploit-db.com/exploits/17870
- http://www.exploit-db.com/exploits/18089
- http://www.osvdb.org/75147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69557
- http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html
- http://secunia.com/advisories/45907
- http://www.exploit-db.com/exploits/17819
- http://www.exploit-db.com/exploits/17856
- http://www.exploit-db.com/exploits/17870
- http://www.exploit-db.com/exploits/18089
- http://www.osvdb.org/75147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69557