Enceladus Server suite 3.9.11

Release Date:
-------------
June 15, 2003

Severity
---------
High (Remote crash-code execution)

Systems Affected:
-----------------
Enceladus Server Suite 3.9.11 (possibly all the older versions are vulnerable)

Description:
Enceladus Server Suite is a package that contains a web server and an FTP server. Many buffer overflows were found in the FTP server that make it possible to crash the FTP server or execute arbitrary code.

Exploit code:
-------------
By connecting to the FTP server and supplying a big CWD or STAT command, the FTP server will stop responding.

CWD A * 280
Stat A * 340

After giving this command even the HTTP server will crash :)

Credit:
Dr_insane

Feedback:
Please send comments to: dr_insane@pathfinder.gr
http://members.lycos.co.uk/r34ct/
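The missing check on the server side, as an added example (not Enceladus code, whose source is not shown in this advisory): a command-line parser that measures the CWD/STAT argument before copying it into a fixed buffer. The names parse_ftp_line and make_line and the 255-byte limit MAX_ARG are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Assumed limit for this example: the advisory gives no buffer sizes, only
   that 280 (CWD) and 340 (STAT) argument bytes are enough to crash the server. */
#define MAX_ARG 255
enum { PARSE_OK = 0, PARSE_NO_VERB = -1, PARSE_ARG_TOO_LONG = -2 };

/* Split one FTP control line into verb and argument without ever writing
   past the fixed-size destination buffers. */
int parse_ftp_line(const char *line, char verb[5], char arg[MAX_ARG + 1])
{
    size_t n = 0, len;
    arg[0] = '\0';
    while (n < 4 && isalpha((unsigned char)line[n])) {
        verb[n] = (char)toupper((unsigned char)line[n]);
        n++;
    }
    verb[n] = '\0';
    if (n == 0 || (line[n] != '\0' && !isspace((unsigned char)line[n])))
        return PARSE_NO_VERB;
    while (line[n] == ' ') n++;
    len = strcspn(line + n, "\r\n");   /* measure before copying */
    if (len > MAX_ARG)
        return PARSE_ARG_TOO_LONG;     /* caller answers 501, session survives */
    memcpy(arg, line + n, len);
    arg[len] = '\0';
    return PARSE_OK;
}

/* Constructed test input: verb, space, `count` 'A' bytes, CRLF. */
static void make_line(char *out, size_t cap, const char *verb, size_t count)
{
    size_t off = (size_t)snprintf(out, cap, "%s ", verb);
    if (off + count + 3 > cap) count = cap - off - 3;  /* stay inside `out` */
    memset(out + off, 'A', count);
    memcpy(out + off + count, "\r\n", 3);
}

int main(void)
{
    char line[512], verb[5], arg[MAX_ARG + 1];
    make_line(line, sizeof line, "CWD", 280);
    printf("CWD x280  -> %d\n", parse_ftp_line(line, verb, arg));
    make_line(line, sizeof line, "Stat", 340);
    printf("Stat x340 -> %d\n", parse_ftp_line(line, verb, arg));
    printf("CWD /pub  -> %d\n", parse_ftp_line("CWD /pub\r\n", verb, arg));
    return 0;
}
```

Both command lengths from the advisory are rejected with PARSE_ARG_TOO_LONG, while an ordinary CWD is parsed normally.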