ACLogic CesarFTP Remote Resource Exhaustion Vulnerability
BID:9666
Info
| Bugtraq ID: | 9666 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0298 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Disclosure of this issue is credited to "intuit e.b.". |
| Vulnerable: | Voice Of Web AllMyLinks 0.5, Voice Of Web AllMyLinks 0.4.9, Voice Of Web AllMyLinks 0.4.4, Voice Of Web AllMyLinks 0.4.3, Voice Of Web AllMyLinks 0.4.1, Voice Of Web AllMyLinks 0.4, Voice Of Web AllMyLinks 0.3, ACLogic CesarFTP 0.99 g, ACLogic CesarFTP 0.99 e |
| Not Vulnerable: | |
Discussion
It has been reported that CesarFTP is prone to a remote resource exhaustion vulnerability. This issue is due to the application failing to properly validate user input.
Successful exploitation of this issue may cause the affected server to hang, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution; however, this has yet to be verified.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
ftp://www.example.com/user:[email protected]/< ... >=4084 symbols ... >/
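A defender-side check built on the proof of concept above, as an added example that is not part of the original advisory: it flags FTP path arguments and ftp:// URLs whose path reaches the 4084-symbol length reported. The log layout, the list of path-taking commands and the sample lines are assumptions constructed for illustration; the advisory does not say which FTP command carries the path.

```python
import re
from urllib.parse import urlsplit, unquote

# Threshold taken from the advisory's proof of concept (">=4084 symbols").
PATH_LIMIT = 4084

# RFC 959 (and common extension) commands whose argument is a pathname.
# Assumption: the advisory does not name the command, so all are checked.
PATH_COMMANDS = {"CWD", "RETR", "STOR", "APPE", "DELE", "RMD", "MKD",
                 "LIST", "NLST", "RNFR", "RNTO", "SIZE", "MDTM", "STAT"}

# Assumed log layout (hypothetical): "<timestamp> <client-ip> <VERB> [argument]".
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]{3,4})(?:\s(.*))?$")


def oversized_commands(lines, limit=PATH_LIMIT):
    """Return (timestamp, client, verb, length) for over-long path arguments."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.rstrip("\r\n"))
        if not m:
            continue  # not a command line in the assumed layout
        ts, client, verb, arg = m.groups()
        verb = verb.upper()
        if verb in PATH_COMMANDS and arg is not None and len(arg) >= limit:
            hits.append((ts, client, verb, len(arg)))
    return hits


def url_path_too_long(url, limit=PATH_LIMIT):
    """True when an ftp:// URL carries a decoded path at or above the limit."""
    parts = urlsplit(url)
    return parts.scheme.lower() == "ftp" and len(unquote(parts.path)) >= limit


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "2004-02-16T10:00:01 192.0.2.10 USER anonymous",
    "2004-02-16T10:00:02 192.0.2.10 CWD /pub/docs",
    "2004-02-16T10:00:05 192.0.2.77 CWD " + "A" * 4084,
    "2004-02-16T10:00:09 192.0.2.10 RETR readme.txt",
]

if __name__ == "__main__":
    for ts, client, verb, length in oversized_commands(SAMPLE_LOG):
        print(f"{ts} {client}: {verb} argument of {length} characters")
```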
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- AllMyPHP Product Page (Voice Of Web)
- CesarFTP Homepage (ACLogic)
- AllMyGuests PHP Code Injection vulnerability (Pablo Santana)
- CesarFTP 0.99 : 100% employment of computer resources ("intuit e.b.")