Golden FTP Server Pro Multiple Commands Denial of Service - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Golden FTP Server Pro Multiple Commands Denial of Service

Secunia Advisory:	SA19917
Release Date:	2006-05-03
Last Update:	2006-05-09

Critical:	Less critical
Impact:	DoS
Where:	From remote
Solution Status:	Unpatched

Software:	Golden FTP Server Pro 2.x

CVE reference:	CVE-2006-2180 (Secunia mirror)

	This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released!

Description: A vulnerability has been discovered in Golden FTP Server Pro, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of the "NLST", "APPE", and "CWD" commands. This can be exploited to crash the server via specially crafted arguments passed to the commands. Example: NLST /A/A/A/A/A/ [approximate 5836 bytes] CWD //A://A://A://A://A: [approximate 1400 bytes] The vulnerability has been confirmed in version 2.70. Other versions may also be affected. Note: It has been reported that this may allow arbitrary code execution. However, this has not been confirmed. Solution: Restrict access to trusted users only. Provided and/or discovered by: Originally discovered by Infigo Information Security Reported in the "APPE" command by: Jerome Athias Changelog: 2006-05-03: Updated advisory with additional information. 2006-05-08: Added CVE reference. 2006-05-09: Updated advisory with additional information.



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

4 Related Secunia Security Advisories

1. Golden FTP Server Pro Information Disclosure Weaknesses

2. Golden FTP Server Pro Directory Traversal Vulnerability

3. Golden FTP Server Pro Log Parsing Buffer Overflow Vulnerability

4. Golden FTP Server Pro "RNTO" Command Buffer Overflow

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	rPath update for kernel and xen

2.	Opera Multiple Vulnerabilities

3.	Folder Lock Weak Password Encryption Security Issue

4.	vBulletin Private Message Subject Script Insertion

5.	neon "parse_domain() " Denial of Service Vulnerability

6.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

7.	Subdreamer Light Global Variables SQL Injection Vulnerability

8.	PHP Live Helper Multiple Vulnerabilities

9.	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

10.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow