Vulnerability Description
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freefloat | Freefloat Ftp Server | 1.0 |
Related Weaknesses (CWE)
References
- https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cThird Party Advisory
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/expExploit
- https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/Third Party Advisory
- https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/abProduct
- https://www.exploit-db.com/exploits/15689Exploit
- https://www.exploit-db.com/exploits/23243Exploit
- https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-ovThird Party Advisory
- https://www.exploit-db.com/exploits/23243Exploit
FAQ
What is CVE-2012-10023?
CVE-2012-10023 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite...
How severe is CVE-2012-10023?
CVE-2012-10023 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-10023?
Check the references section above for vendor advisories and patch information. Affected products include: Freefloat Freefloat Ftp Server.