CVE-2014-1443

Published: May 2, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.

Affected (1)

Products: Coreftp: Core Ftp

Coreftp

1 product

Core Ftp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Coreftp Core Ftp	Version 1.2

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://coreftp.com/forums/viewtopic.php?t=2985707

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Feb/39

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/56850

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/102968

Source: cve@mitre.org

http://coreftp.com/forums/viewtopic.php?t=2985707