XLight FTP Server Long Directory Request Remote Denial Of Service Vulnerability
BID:9585
Info
| Bugtraq ID: | 9585 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0255 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery credited to intuit. |
| Vulnerable: | XLight FTP Server 1.52, XLight FTP Server 1.45, XLight FTP Server 1.41, XLight FTP Server 1.25 |
| Not Vulnerable: | |
Discussion
A problem in the handling of large requests has been reported to result in service instability in XLight FTP Server under some circumstances. Because of this, it may be possible for a remote attacker to deny service to legitimate users of the software.
Exploit / POC
The following proof-of-concept has been made available by intuit:
ftp://[email protected]/............................................................................................................................................................................................................../*/
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
- Product Homepage (XLight FTP Server)
- Remote crash Xlight ftp server 1.52 ("intuit e.b.")