Vulnerability Description
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Guildftpd | Guildftpd | 0.999.14 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32218Vendor Advisory
- http://securityreason.com/securityalert/4422
- http://www.securityfocus.com/bid/31729
- http://www.vupen.com/english/advisories/2008/2794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45818
- https://www.exploit-db.com/exploits/6738
- http://secunia.com/advisories/32218Vendor Advisory
- http://securityreason.com/securityalert/4422
- http://www.securityfocus.com/bid/31729
- http://www.vupen.com/english/advisories/2008/2794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45818
- https://www.exploit-db.com/exploits/6738
FAQ
What is CVE-2008-4572?
CVE-2008-4572 is a vulnerability with a CVSS score of 10.0 (HIGH). GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which...
How severe is CVE-2008-4572?
CVE-2008-4572 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4572?
Check the references section above for vendor advisories and patch information. Affected products include: Guildftpd Guildftpd.