Podatność CVE-2009-4048


Publikacja: 2009-11-23   Modyfikacja: 2012-02-13

Opis:
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
XM Easy Personal FTP Serve Remote Denial of Service Vulnerability
zhangmc
24.11.2009

Typ:

CWE-Other

Producent: Dxmsoft
Produkt: Xm easy personal ftp server 
Wersje: 5.8.0;

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4/10
2.9/10
8/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Częściowy

 Referencje:
http://www.securityfocus.com/archive/1/507853/100/0/threaded
http://www.securityfocus.com/bid/37016
https://exchange.xforce.ibmcloud.com/vulnerabilities/54277

Podobne CVE
CVE-2009-3643
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728.
CVE-2008-5626
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
CVE-2007-1195
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
CVE-2006-6750
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
CVE-2006-6751
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It w...
CVE-2006-5728
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.
CVE-2006-2225
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
CVE-2006-2226
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.

Copyright 2019, cxsecurity.com

 

Back to Top