Vulnerability CVE-2005-0315


Published: 2005-01-27   Modified: 2012-02-12

Description:
The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Amax information technologies -> Magic winmail server 

 References:
http://xforce.iss.net/xforce/xfdb/19115
http://www.securityfocus.com/bid/12388
http://marc.theaimsgroup.com/?l=bugtraq&m=110685011825461&w=2
http://securitytracker.com/id?1013017
http://secunia.com/advisories/14053

Copyright 2024, cxsecurity.com

 

Back to Top