Vulnerability Description
Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010
- https://web.archive.org/web/20120102094617/http://bluezone.rocketsoftware.com/pr
- https://www.exploit-db.com/exploits/16705
- https://www.vulncheck.com/advisories/seagull-ftp-stack-buffer-overflow
- https://www3.rocketsoftware.com/bluezone/help/v34/sftp/sftp.htm
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/16705
FAQ
What is CVE-2010-20007?
CVE-2010-20007 is a documented vulnerability. Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response...
How severe is CVE-2010-20007?
CVSS scoring is not yet available for CVE-2010-20007. Check NVD for updates.
Is there a patch for CVE-2010-20007?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.