CVE-2010-20034

{"id": "CVE-2010-20034", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T21:15:33.443", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/gekkomgr_list_reply.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16728", "source": "disclosure@vulncheck.com"}, {"url": "https://www.gekkomanager.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/gekko-manager-ftp-client-stack-buffer-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/gekkomgr_list_reply.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/16728", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the Structured Exception Handler (SEH), potentially allowing remote code execution."}, {"lang": "es", "value": "Gekko Manager FTP Client (versi\u00f3n &lt;= 0.77) presenta un desbordamiento de b\u00fafer basado en pila en su analizador de listados de directorios FTP. Al procesar una respuesta del servidor a un comando LIST, el cliente no valida correctamente la longitud de los nombres de archivo. Una respuesta manipulada con un nombre de archivo demasiado largo puede sobrescribir el Gestor de Excepciones Estructuradas (GEH), lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}