Vulnerability Details : CVE-2016-5764
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
Vulnerability category: Overflow
Products affected by CVE-2016-5764
- cpe:2.3:a:microfocus:rumba_ftp:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:rumba_ftp:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:rumba_ftp:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:rumba_ftp:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:rumba_ftp:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:rumba_ftp:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5764
1.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5764
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-5764
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5764
-
https://www.exploit-db.com/exploits/40651/
Rumba FTP Client 4.x - Remote Stack Buffer Overflow (SEH)
-
http://www.securityfocus.com/bid/93974
Microfocus Rumba FTP CVE-2016-5764 Stack Buffer Overflow Vulnerability
-
http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28731.rumba-ftp-4-x-security-update.aspx
Rumba FTP 4.x Security Update - Micro Focus Community - 1751683Vendor Advisory
Jump to