XM Easy Personal FTP Server Multiple Remote Vulnerabilities

Bugtraq ID:	22747
Class:	Unknown
CVE:	CVE-2007-1195
Remote:	Yes
Local:	No
Published:	Feb 28 2007 12:00AM
Updated:	Jun 17 2012 12:03AM
Credit:	Umesh Wanve is credited with the discovery of this vulnerability.
Vulnerable:	XM Easy Personal FTP Server 5.3 XM Easy Personal FTP Server 5.0.1 XM Easy Personal FTP Server 5.2.1
Not Vulnerable:

XM Easy Personal FTP Server Multiple Remote Vulnerabilities

XM Easy Personal FTP Server is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues and format-string issues.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

Version 5.3.0 is vulnerable to these issues; other versions may also be affected.

XM Easy Personal FTP Server Multiple Remote Vulnerabilities

An attacker can exploit these issues by using standard network utilities.

The following proof-of-concept and exploit are available:

• /data/vulnerabilities/exploits/22747.pl
• /data/vulnerabilities/exploits/22747.py

XM Easy Personal FTP Server Multiple Remote Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

XM Easy Personal FTP Server Multiple Remote Vulnerabilities

References:

• XM Easy Personal FTP Server Homepage (dxmsoft)