Gene6 FTP Server MKD and XMKD command denial of service
gene6-ftp-mkd-xmkd-dos (26237) | Medium Risk
Gene6 FTP Server is vulnerable to a denial of service attack. A remote attacker could send a specially crafted MKD or XMKD command to cause the server to crash.
Denial of Service
Upgrade to the latest version of Gene6 FTP (126.96.36.199 or later), available from the Gene6 FTP Web site. See References.
- BugTraq Mailing List, 2006-05-03 9:41:08: Re: FTP Fuzzer.
- BugTraq Mailing List, Sat Nov 12 2005 - 17:42:01 CST: FTP Fuzzer. (Timestamp appears to be wrong)
- Gene6 FTP Server Web site: Gene6 FTP Server.
- BID-17810: Gene6 FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
- CVE-2006-2172: Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer.
- OSVDB ID: 25238: Gene6 FTP Server Multiple Command Remote Overflows
- SA19965: Gene6 FTP Server MKD/XMKD Denial of Service Vulnerability
- Gene6 Gene6 FTP Server 3.7.0
May 03, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com