CVE-2010-10014

Summary

Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system.

Affected Software

VendorProductVersion RangeStatus
Odin SoftwareOdin Secure FTP0 <= 4.1affected

Weaknesses

  • CWE-121: CWE-121 Stack-Based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References