NextGuard
UNKNOWNCVE-2016-20046

zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow

Platform

linux

Component

zftp-client

View on NVD

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

How to fix

Actualizar zFTP Client a una versión corregida o desinstalar el software. La vulnerabilidad permite a atacantes locales ejecutar código arbitrario, por lo que es crucial aplicar la actualización o eliminar el software para mitigar el riesgo.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free