SunFTP Denial of Service Vulnerability

HIGH (7.5) No Patch (9169 days)

Threat Intelligence

Low Risk
EPSS Score: 1.23% chance of exploitation (percentile: 79%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

SunFTP is an FTP (File Transfer Protocol) server used to manage and transfer files over a network. A buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.

Am I affected?

You're affected if you use SunFTP version 9(1). Check with: find / -name "sunftp*.bin" 2>/dev/null

Note: This vulnerability is specific to SunFTP build 9(1) and not related to other FTP servers or versions.

Affected Products

Sun Microsystems / SunFTP

How to fix

Upgrade to a newer version of SunFTP, such as SunFTP 10.0 or later.

For immediate mitigation:
- Restrict network access to your SunFTP instance (firewall it from the public internet)
- Audit system logs for suspicious activity patterns
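
One way to carry out the log audit above is to flag any logged command whose argument is far longer than a legitimate file path, since the overflow is triggered by a long GET request. This is an added example, not code from SunFTP or from this page; the log line layout, the 255-character threshold, the function name and the sample lines are all assumptions and must be adapted to the logs you actually have.

```python
import re

# Assumed layout (not SunFTP's documented format): "<timestamp> <client-ip> <COMMAND> [argument]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Za-z]{3,4})(?:\s(?P<arg>.*))?$"
)

# Assumed threshold: longer than any path the server legitimately serves.
MAX_ARG_LEN = 255


def find_oversized_commands(lines, max_arg_len=MAX_ARG_LEN):
    """Return (line_no, client_ip, command, length) for every suspicious line.

    A line is suspicious when its command argument exceeds max_arg_len, or
    when it cannot be parsed at all and is itself longer than max_arg_len
    (an oversized request can break the logger's usual layout).
    """
    hits = []
    for line_no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        match = LINE_RE.match(line)
        if match is None:
            if len(line) > max_arg_len:
                hits.append((line_no, None, None, len(line)))
            continue
        arg = match.group("arg") or ""
        if len(arg) > max_arg_len:
            hits.append(
                (line_no, match.group("ip"), match.group("cmd").upper(), len(arg))
            )
    return hits


# Constructed sample log (documentation IP ranges, filler argument).
SAMPLE_LOG = [
    "2024-01-10T09:00:01Z 192.0.2.10 USER anonymous",
    "2024-01-10T09:00:02Z 192.0.2.10 GET readme.txt",
    "2024-01-10T09:01:15Z 198.51.100.7 GET " + "A" * 2048,
    "2024-01-10T09:02:00Z 192.0.2.10 QUIT",
]

if __name__ == "__main__":
    for line_no, ip, cmd, length in find_oversized_commands(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent {cmd} with {length}-character argument")
```

Client addresses returned by the check are candidates for the firewall restriction listed above.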