ID

VAR-201004-0487


CVE

CVE-2010-1465


TITLE

Trellian FTP Client stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005407

DESCRIPTION

Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response. Trellian FTP is a popular FTP client. A stack overflow vulnerability exists in the Trellian FTP client when processing FTP responses. An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

TITLE: Trellian FTP PASV Response Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA39370
VERIFY ADVISORY: http://secunia.com/advisories/39370/
DESCRIPTION: A vulnerability has been discovered in Trellian FTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 3.1.3.1789. Other versions may also be affected.
SOLUTION: Do not connect to untrusted FTP servers.
PROVIDED AND/OR DISCOVERED BY: zombiefx

Trust: 2.52

sources: NVD: CVE-2010-1465 // JVNDB: JVNDB-2010-005407 // CNVD: CNVD-2010-0577 // BID: 80417 // PACKETSTORM: 88488

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0577

AFFECTED PRODUCTS

vendor: trellian, model: ftp, scope: eq, version: 3.1.3.1789

Trust: 1.9

vendor: trellian, model: ftp, scope: eq, version: 3.01

Trust: 1.9

vendor: trellian, model: ftp, scope: eq, version: 3.01 and 3.1.3.1789

Trust: 0.8

vendor: trellian, model: ftp client, scope: eq, version: 3.01

Trust: 0.6

sources: CNVD: CNVD-2010-0577 // BID: 80417 // JVNDB: JVNDB-2010-005407 // CNNVD: CNNVD-201004-303 // NVD: CVE-2010-1465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1465
value: HIGH

Trust: 1.0

NVD: CVE-2010-1465
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201004-303
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2010-1465
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-005407 // CNNVD: CNNVD-201004-303 // NVD: CVE-2010-1465

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2010-005407 // NVD: CVE-2010-1465

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-303

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201004-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005407

PATCH

title: FTP client, url: http://www.trellian.com/ftp/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005407

EXTERNAL IDS

db: NVD, id: CVE-2010-1465

Trust: 3.3

db: SECUNIA, id: 39370

Trust: 2.3

db: EXPLOIT-DB, id: 12152

Trust: 1.9

db: XF, id: 57778

Trust: 0.9

db: JVNDB, id: JVNDB-2010-005407

Trust: 0.8

db: CNVD, id: CNVD-2010-0577

Trust: 0.6

db: CNNVD, id: CNNVD-201004-303

Trust: 0.6

db: BID, id: 80417

Trust: 0.3

db: PACKETSTORM, id: 88488

Trust: 0.1

sources: CNVD: CNVD-2010-0577 // BID: 80417 // JVNDB: JVNDB-2010-005407 // PACKETSTORM: 88488 // CNNVD: CNNVD-201004-303 // NVD: CVE-2010-1465

REFERENCES

url:http://www.exploit-db.com/exploits/12152

Trust: 1.9

url:http://secunia.com/advisories/39370

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/57778

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/57778

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1465

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1465

Trust: 0.8

url:http://secunia.com/advisories/39370/

Trust: 0.7

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0577 // BID: 80417 // JVNDB: JVNDB-2010-005407 // PACKETSTORM: 88488 // CNNVD: CNNVD-201004-303 // NVD: CVE-2010-1465

CREDITS

Unknown

Trust: 0.3

sources: BID: 80417

SOURCES

db: CNVD, id: CNVD-2010-0577
db: BID, id: 80417
db: JVNDB, id: JVNDB-2010-005407
db: PACKETSTORM, id: 88488
db: CNNVD, id: CNNVD-201004-303
db: NVD, id: CVE-2010-1465

LAST UPDATE DATE

2025-04-11T23:15:42.735000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0577, date: 2010-04-13T00:00:00
db: BID, id: 80417, date: 2010-04-16T00:00:00
db: JVNDB, id: JVNDB-2010-005407, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-201004-303, date: 2010-04-19T00:00:00
db: NVD, id: CVE-2010-1465, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0577, date: 2010-04-13T00:00:00
db: BID, id: 80417, date: 2010-04-16T00:00:00
db: JVNDB, id: JVNDB-2010-005407, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 88488, date: 2010-04-16T06:31:55
db: CNNVD, id: CNNVD-201004-303, date: 2010-04-16T00:00:00
db: NVD, id: CVE-2010-1465, date: 2010-04-16T19:30:00.680