Test ID:	1.3.6.1.4.1.25623.1.0.902571
Category:	Buffer overflow
Title:	ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability
Summary:	ScriptFTP is prone to a buffer overflow vulnerability.
Description:	Summary: ScriptFTP is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error when processing filenames within a directory listing. This can be exploited to cause a stack-based buffer overflow via a specially crafted FTP LIST command response. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code within the context of the application. Failed attacks may cause a denial of service condition. Affected Software/OS: ScriptFTP version 3.3 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3976 BugTraq ID: 49707 http://www.securityfocus.com/bid/49707 CERT/CC vulnerability note: VU#440219 http://www.kb.cert.org/vuls/id/440219 http://www.exploit-db.com/exploits/17876 http://www.digital-echidna.org/2011/09/scriptftp-3-3-remote-buffer-overflow-exploit-0day/ http://secunia.com/advisories/46099 XForce ISS Database: scriptftp-getlist-bo(69962) https://exchange.xforce.ibmcloud.com/vulnerabilities/69962
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.