WinFtp Server Data Handling Denial of Service Vulnerability

Posted on Wednesday, December 20, 2006 @ 17:00:04 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA23412

VERIFY ADVISORY: http://secunia.com/advisories/23412/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: WinFtp Server 2.x - http://secunia.com/product/12923/

DESCRIPTION: shinnai has discovered a vulnerability in WinFtp Server, which can be exploited by malicious people to cause a DoS (Denial of Service).


The vulnerability is caused due to an off-by-one error when processing data received from the client. This can be exploited to crash the service by sending an overly long string (greater than 500 bytes) to the service. The vulnerability is confirmed in version 2.0.2. Other versions may also be affected.

SOLUTION: Restrict access to the FTP service.

PROVIDED AND/OR DISCOVERED BY: shinnai
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,641,878
  • Today: 9,180
Server InfoServer Info
  • Mar 29, 2024
  • 06:35 am UTC