Konica Minolta FTP Utility Buffer Overflow Vulnerability in NLST Command Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in Konica Minolta FTP Utility version 1.0. The issue arises in the handling of the NLST command, where an attacker can send an oversized buffer of 1500 'A' characters. Doing so not only crashes the FTP server but also overwrites registers, potentially leading to unauthorized code execution.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the FTP server. Additionally, the buffer overflow could be leveraged to overwrite registers and execute unauthorized code, with the potential for escalating privileges to root, according to the vulnerability disclosure.

Reproduction

The vulnerability can be reproduced by using an FTP client to connect to the affected FTP server. After logging in, the NLST command can be issued with a buffer of 1500 'A' characters. This will overwrite certain registers and crash the FTP server.
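
A defender-side check for the request described above, as an added example that is not part of the original advisory: it scans FTP control-channel lines and flags path commands such as NLST whose argument exceeds a length threshold. The 512-byte threshold, the command set, the function names and the sample sessions are assumptions constructed for illustration.

```python
import re

MAX_ARG_LEN = 512  # assumed threshold; the advisory does not state a safe limit
# Commands that take a path argument; NLST is the one named in the advisory.
PATH_COMMANDS = {"NLST", "LIST", "CWD", "RETR", "STOR", "DELE", "MKD", "RMD"}
LINE_RE = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$", re.S)


def inspect_command(raw: bytes):
    """Return a finding for one control-channel line, or None if it looks normal."""
    m = LINE_RE.match(raw.rstrip(b"\r\n"))
    if not m:
        return None
    verb = m.group(1).decode("ascii").upper()
    arg = m.group(2) or b""
    if verb not in PATH_COMMANDS or len(arg) <= MAX_ARG_LEN:
        return None
    # A single repeated byte filling the argument is typical of overflow padding.
    longest = max(len(r.group(0)) for r in re.finditer(rb"(.)\1*", arg, re.S))
    return {
        "verb": verb,
        "arg_len": len(arg),
        "uniform_fill": longest * 10 >= len(arg) * 9,
    }


def scan(session):
    """session: iterable of (client_ip, raw_line); returns findings with client."""
    findings = []
    for client, raw in session:
        hit = inspect_command(raw)
        if hit:
            findings.append({"client": client, **hit})
    return findings


# Constructed sample traffic (documentation IP ranges), not captured data.
SAMPLE = [
    ("192.0.2.10", b"USER anonymous\r\n"),
    ("192.0.2.10", b"PASS guest@example.com\r\n"),
    ("192.0.2.10", b"NLST /scans/2026\r\n"),
    ("198.51.100.7", b"USER scanner\r\n"),
    ("198.51.100.7", b"NLST " + b"A" * 1500 + b"\r\n"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same length check can be applied inline at a proxy or IDS in front of the server, rejecting the command before it reaches the affected utility.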

Added: Feb 3, 2026, 10:50 PM
Updated: Feb 3, 2026, 10:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.