U-043: Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code

November 22, 2011 - 8:00am

PROBLEM:

Attachmate Reflection Buffer Overflow in FTP Client Lets Remote Servers Execute Arbitrary Code.

PLATFORM:

14.1.1173 and prior versions

The following product versions are affected:
Reflection for HP version 14.x
Reflection for UNIX and OpenVMS version 14.x
Reflection for ReGIS Graphics version 14.x
Reflection for IBM version 14.x
Reflection X version 14.x

ABSTRACT:

A remote server can execute arbitrary code on the connected target system.

REFERENCE LINKS:

Security Updates and Reflection
Attachmate Support Lifecycle
Attachmate Downloads
SecurityTracker Alert ID: 1026340

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Attachmate Reflection. A remote user can execute arbitrary code on the target system. A remote server can return a specially crafted directory name in response to an FTP LIST command to trigger a heap overflow and execute arbitrary code on the connected target client. The code will run with the privileges of the target client.
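The bug class described above, a client copying a server-supplied name from a LIST response into a fixed-size buffer, is avoided by checking the length before the copy. The following C is an added example, not Attachmate's code; the helper `list_entry_name`, the `NAME_MAX_LEN` limit, the result codes and the Unix-style `ls -l` line layout are all assumptions.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 255 /* assumed client-side limit, not from the advisory */
enum { LIST_OK = 0, LIST_MALFORMED = -1, LIST_TOO_LONG = -2 };

/*
 * Hypothetical helper: extract the name from one Unix-style LIST line, e.g.
 *   "drwxr-xr-x 2 ftp ftp 4096 Nov 22 2011 pub"
 * The name is everything after the 8th whitespace-separated field. The server
 * controls every byte of `line`, so the length is checked before any copy.
 */
int list_entry_name(const char *line, char *out, size_t out_size)
{
    const char *p = line;
    size_t len;

    if (line == NULL || out == NULL || out_size == 0)
        return LIST_MALFORMED;
    out[0] = '\0';

    /* Skip the eight metadata fields that precede the name. */
    for (int field = 0; field < 8; field++) {
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0') return LIST_MALFORMED;
        while (*p != '\0' && *p != ' ' && *p != '\t') p++;
    }
    while (*p == ' ' || *p == '\t') p++;

    /* The name runs to end of line; drop the CRLF that terminates it. */
    len = strcspn(p, "\r\n");
    if (len == 0)
        return LIST_MALFORMED;

    /* Reject instead of truncating: a cut-off name could alias another entry. */
    if (len > NAME_MAX_LEN || len >= out_size)
        return LIST_TOO_LONG;

    memcpy(out, p, len);
    out[len] = '\0';
    return LIST_OK;
}

int main(void)
{
    char name[64];
    /* Constructed sample line, not captured traffic. */
    return list_entry_name("drwxr-xr-x 2 ftp ftp 4096 Nov 22 2011 pub\r\n", name, sizeof name);
}
```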

Impact:

A remote server can execute arbitrary code on the connected target system.

Solution:

The issue will be resolved in the next major release or service pack. Maintained customers can contact Attachmate Technical Support to request the hotfix appropriate for their environment: 14.1.1.206 or higher (32- or 64-bit), which can be applied to Reflection 14.1 SP1:
Attachmate Download Library