{"vuid":"VU#857846","idnumber":"857846","name":"Ability Server vulnerable to buffer overflow","keywords":["Ability Server","buffer overflow","FTP STOR","arbitrary code execution"],"overview":"A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code.","clean_desc":"A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this vulnerability by supplying the Ability Server with a specially crafted FTP STOR command. According to reports, Ability Server versions 2.34, 2.25. and 2.32 are vulnerable. However, other versions may also be affected.","impact":"A remote authenticated attacker may be able to execute arbitrary code with the privileges of the Ability Server process or cause a denial-of-service condition.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Block or Restrict Access Block or restrict access to the Ability Server from untrusted hosts. Upgrade\nThe Ability Server has been discontinued. Ability Server users are encouraged to upgrade to the Ability FTP Server to correct this issue.","sysaffected":"","thanks":"This vulnerability was publicly reported in a Security Tracker Advisory. Security Tracker credits K-Otik with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["http://securitytracker.com/alerts/2004/Oct/1011858.html","http://securityfocus.com/bid/11508/","http://www.osvdb.org/11030"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-10-26T13:53:59Z","publicdate":"2004-10-21T00:00:00Z","datefirstpublished":"2004-12-22T19:53:38Z","dateupdated":"2004-12-22T19:54:12Z","revision":70,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"12.9375","cam_scorecurrentwidelyknown":"12.9375","cam_scorecurrentwidelyknownexploited":"24.1875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.9375,"vulnote":null}