Alias(es)FTP.Command.USER.Overflow |
Release DateSep 11, 2006 |
Severityhigh |
ImpactDenial of Service. |
DescriptionThis indicates an attempt to exploit a buffer overflow vulnerability in some File Transfer Protocol (FTP) servers.The vulnerability is due to inadequate user input validation of the "USER" command. A remote attacker can cause Denial of Service (DoS) on a vulnerable system by sending it a specially crafted FTP command. |
Affected ProductsShadow Op Software Dragon Server versions 1.0 and 2.0BlackMoon FTP Server versions prior to and including 1.5 FTP servers from other vendors are potentially vulnerable as well. |
Recommended ActionsApply the appropriate patches or upgrade the system to the latest non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-2212CVE-1999-0256 CVE-2005-3683 CVE-2002-0126 CVE-2000-0479 |
Reference/shttp://www.securityfocus.com/bid/17835 (BugTraq)http://www.securityfocus.com/bid/3884 (BugTraq) http://www.securityfocus.com/bid/15457 (BugTraq) http://www.securityfocus.com/bid/22944 (BugTraq) http://www.securityfocus.com/bid/1352 (BugTraq) http://www.securityfocus.com/bid/48947 (BugTraq) http://www.securityfocus.com/bid/49427 (BugTraq) |
