FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5184

This CVE name corresponds to:

Entered Topic
2007-12-12 smbftpd -- format string vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5184
Phase Assigned(20071003)

Description

Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.

References

Source Reference
BUGTRAQ 20071001 smbftpd 0.96 format string vulnerability
MILW0RM 4478
MISC http://debork.se/poc/001_smbftpd.c
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=543077
BID 25871
VUPEN ADV-2007-3311
OSVDB 41385
SECUNIA 27014
XF smbftpd-smbdirlist-format-string(36893)