Secunia Logo
 
FtpXQ Server "MKD" Denial of Service Vulnerability
Secunia Advisory: SA22540
Release Date: 2006-10-25
Last Update: 2006-10-31
Popularity: 4,893 views

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Software:FtpXQ Server 3.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2006-5568
CVE-2006-5569


Description:
Greg Linares has discovered a vulnerability in FTPXQ Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of the "MKD" command. This can be exploited to exhaust available CPU resources by either supplying an overly long argument or any number of certain special characters to the command.

The vulnerability is confirmed in version 3.0.1. Other versions may also be affected.

Solution:
Grant only trusted users access to the FTP service.

Provided and/or discovered by:
Greg Linares

Changelog:
2006-10-26: Update "Description" section.
2006-10-31: Added CVE reference.


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 12
New vulnerabilities: 67
Updated advisories: 16

Highly // 123 views
Trillian Multiple Vulnerabilities
Less // 112 views
Ubuntu update for nfs-utils
Moderately // 119 views
Debian update for clamav
Moderately // 128 views
Red Hat update for ruby
Moderately // 148 views
SUSE update for kernel

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 231 views
2. Trillian Multiple Vulnerabilities // 106 views
3. Debian update for clamav // 105 views
4. Debian update for linux-2.6.24 // 104 views
5. Ubuntu update for nfs-utils // 102 views
6. Avaya Products ed "strip_escapes()" Buffer Overflow Security Issue // 97 views
7. ImpressCMS "rank_title" Script Insertion Vulnerability // 94 views
8. Adobe Flash Player Multiple Security Issues and Vulnerabilities // 94 views
9. SUSE update for kernel // 74 views
10. Red Hat update for java-1.5.0-sun / java-1.6.0-sun // 66 views