Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1026340 |
|
SecurityTracker URL: http://securitytracker.com/id/1026340
|
|
CVE Reference:
CVE-2011-5012
(Links to External Site)
|
Updated: Dec 28 2011
|
Original Entry Date: Nov 18 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 14.1.1173 and prior versions
|
Description:
A vulnerability was reported in Attachmate Reflection. A remote user can execute arbitrary code on the target system.
A remote server can return a specially crafted directory name in response to an FTP LIST command to trigger a heap overflow and execute arbitrary code on the connected target client. The code will run with the privileges of the target client.
The following product versions are affected:
Reflection for HP version 14.x
Reflection for UNIX and OpenVMS version 14.x
Reflection for ReGIS Graphics version 14.x
Reflection for IBM version 14.x
Reflection X version 14.x
The vendor was notified on September 26, 2011.
The original advisory is available at:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29
Francis Provencher (Protek Research Lab's) reported this vulnerability.
|
Impact:
A remote server can execute arbitrary code on the connected target system.
|
Solution:
The vendor has issued a fix (14.1.1.206).
The vendor's advisory is available at:
http://support.attachmate.com/techdocs/1708.html
|
Vendor URL: support.attachmate.com/techdocs/1708.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: OpenVMS, UNIX (AIX), UNIX (Any), UNIX (HP/UX), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
