{"vuid":"VU#713092","idnumber":"713092","name":"FileCOPA FTP server vulnerable to buffer overflow","keywords":["FileCOPA","stack-based","buffer overflow","integer underflow","FTP service","directory arguments","FTP commands"],"overview":"There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code.","clean_desc":"FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers. There is a buffer overflow vulnerability in the FileCOPA FTP service (filecpnt.exe) that may occur when malformed input is passed to the server using common FTP commands. If anonymous connections to the server are allowed, an attacker would not need valid user credentials to exploit this vulnerability.","impact":"A remote, unauthenticated attacker may execute arbitrary code.","resolution":"Upgrade\nUpgrade to FileCOPA version 1.01.","workarounds":"Disable Anonymous Access\nDisabling anonymous access may mitigate the impact of this vulnerability. \nRestrict Access \nRestricting network access to the server may prevent remote attackers from exploiting this vulnerability.","sysaffected":"","thanks":"Thanks to \nCarsten Eiram, Secunia Research\n for reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://secunia.com/secunia_research/2006-55/","http://secunia.com/advisories/21097/","http://www.filecopa-ftpserver.com/download.html"],"cveids":["CVE-2006-3768"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-07-25T18:57:25Z","publicdate":"2006-07-25T00:00:00Z","datefirstpublished":"2006-09-29T12:51:13Z","dateupdated":"2006-09-29T14:03:24Z","revision":27,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"7","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"1","cam_impact":"19","cam_easeofexploitation":"20","cam_attackeraccessrequired":"18","cam_scorecurrent":"1.026","cam_scorecurrentwidelyknown":"2.69325","cam_scorecurrentwidelyknownexploited":"5.25825","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.026,"vulnote":null}