Crob FTP Server Remote Denial Of Service Vulnerability

Bugtraq ID:	9651
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2004-0282
Remote:	Yes
Local:	No
Published:	Feb 12 2004 12:00AM
Updated:	Jul 12 2009 02:06AM
Credit:	Discovery of this issue has been credited to gsicht gsicht <[email protected]>.
Vulnerable:	Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 5.6 Francisco Burzi PHP-Nuke 5.5 Francisco Burzi PHP-Nuke 5.4 Francisco Burzi PHP-Nuke 5.3.1 Francisco Burzi PHP-Nuke 5.2 a Francisco Burzi PHP-Nuke 5.2 Francisco Burzi PHP-Nuke 5.1 Francisco Burzi PHP-Nuke 5.0.1 Francisco Burzi PHP-Nuke 5.0 Crob Crob FTP Server 3.5.2
Not Vulnerable:

Crob FTP Server Remote Denial Of Service Vulnerability

It has been reported that the Crob FTP server is prone to a remote denial of service vulnerability. An attacker may exploit this issue to cause the affected server to crash, denying service to legitimate users.

Crob FTP Server Remote Denial Of Service Vulnerability

The following exploit has been provided:

• /data/vulnerabilities/exploits/phpNukeSearchModExploit.php
• /data/vulnerabilities/exploits/crobConDisconExploit.c

Crob FTP Server Remote Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Crob FTP Server Remote Denial Of Service Vulnerability

References:

• Crob FTP Server (Crob )
  
• crob ftpd Denial of Service (gsicht gsicht )
  
• PHPNuke 6.9 > and below SQL Injection in multiple module (pokley )