FTP Explorer PWD Parameter Denial Of Service Vulnerability
BID:22640
Info
| Bugtraq ID: | 22640 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1082 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2007 12:00AM |
| Updated: | Mar 27 2007 07:33PM |
| Credit: | Marsu Pilami is credited with the discovery of this vulnerability. |
| Vulnerable: | FTPx FTP Explorer 1.0.1 Build 047 |
| Not Vulnerable: | FTPx FTP Explorer 1.0.1 .52 |
Discussion
FTP Explorer is prone to a denial-of-service vulnerability because the application fails to properly handle overly long PWD responses.
Exploiting this issue will cause 100% CPU exhaustion, resulting in a denial-of-service condition. Due to the nature of this vulnerability, attackers may be able to execute arbitrary machine code in the context of the affected application.
This issue affects version 1.0.1 Build 047; other versions may also be affected.
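A client avoids this class of failure by bounding both the reply line and the path it extracts from it. The following is an added example, not FTP Explorer's code and not part of the original advisory; `parse_pwd_reply`, `PWD_LINE_MAX` and the sample reply in `main` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define PWD_LINE_MAX 512  /* assumed cap on one reply line, not from the page */
enum pwd_status { PWD_OK, PWD_TOO_LONG, PWD_BAD_CODE, PWD_MALFORMED };

/* Copy the quoted path from a reply like: 257 "/pub" is current directory
 * into out[out_size]. A doubled quote in the path is one literal quote
 * (RFC 959 convention). Every exit is bounded by line_len and out_size. */
enum pwd_status parse_pwd_reply(const char *line, size_t line_len,
                                char *out, size_t out_size)
{
    size_t i, n = 0;
    if (line == NULL || out == NULL || out_size == 0)
        return PWD_MALFORMED;
    out[0] = '\0';
    if (line_len > PWD_LINE_MAX)
        return PWD_TOO_LONG;           /* reject before scanning */
    if (line_len < 5 || memcmp(line, "257 ", 4) != 0)
        return PWD_BAD_CODE;
    if (line[4] != '"')
        return PWD_MALFORMED;
    for (i = 5; i < line_len; i++) {   /* i always advances: no spinning */
        if (line[i] == '"') {
            if (i + 1 >= line_len || line[i + 1] != '"') {
                out[n] = '\0';         /* closing quote: done */
                return PWD_OK;
            }
            i++;                       /* doubled quote: keep one */
        }
        if (line[i] == '\r' || line[i] == '\n' || line[i] == '\0')
            break;                     /* line ended inside the path */
        if (n + 1 >= out_size) {       /* keep room for the terminator */
            out[0] = '\0';
            return PWD_TOO_LONG;
        }
        out[n++] = line[i];
    }
    out[0] = '\0';
    return PWD_MALFORMED;              /* no closing quote */
}

int main(void)
{
    const char *reply = "257 \"/pub/files\" is current directory"; /* constructed */
    char dir[256];
    enum pwd_status st = parse_pwd_reply(reply, strlen(reply), dir, sizeof dir);
    printf("status=%d dir=%s\n", (int)st, dir);
    return 0;
}
```

On any status other than `PWD_OK` the output buffer is left empty, so a caller cannot act on a truncated path by accident.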
Exploit / POC
Currently we are not aware of any exploits for this issue that lead to remote code execution. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
The following exploit code causes a denial-of-service condition:
Solution / Fix
Solution:
The vendor has released version 1.0.1.25 to address this issue. Please see the references for more information.