CVE-2010-10014

Vulnerability Description

Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system.

Related Weaknesses (CWE)

References

• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://web.archive.org/web/20111007123101/http://odinshare.com/secure-ftp-exper
• https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010
• https://www.exploit-db.com/exploits/16716
• https://www.vulncheck.com/advisories/odin-secure-ftp-stack-buffer-overflow-via-l
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://www.exploit-db.com/exploits/16716

FAQ

What is CVE-2010-10014?

CVE-2010-10014 is a documented vulnerability. Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filena...

How severe is CVE-2010-10014?

CVSS scoring is not yet available for CVE-2010-10014. Check NVD for updates.

Is there a patch for CVE-2010-10014?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.