RaidenFTPd IXceedCompression multiple denial of service vulnerabilities

2007.04.26
Credit: Michal Bucko
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Synopsis: RaidenFTPd IXceedCompression multiple denial of service vulnerabilities Product: RaidenFTP Version: 2.4 Author: sapheal Issue: ====== RaidenFTP XceddZipLib (RaidenFTPD.dll) is prone to multiple remote denial of service vulnerabilities. Details: ======== Funcions: CalculateCrc, Compress and Uncompress cannot properly handle the given input. Successful exploitation of the issue allows local attackers to trigger the application's crash (due to null pointer dereference). Credits: ======== Michal Bucko (sapheal), hackpl Disclaimer: =========== This document and all the information it contains are provided "as is", for educational purposes only, without warranty of any kind, whether express or implied. The authors reserve the right not to be responsible for the topicality, correctness, completeness or quality of the information provided in this document. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top