Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2007-6263
Last Modified: 15 Sep 2009 01:09:20
Published: 06 Dec 2007 10:46:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6263

Summary

The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.

Vulnerable Systems

Application

  • Netkit-ftp Netkit Ftp 0.17


References

BID - 26763

OSVDB - 41191

MISC - http://bugs.gentoo.org/show_bug.cgi?id=199206

GENTOO - GLSA-200801-17

SECUNIA - 28697

FULLDISC - 20071207 netkit-ftpd/ftp uninitialized vulnerability


Last Updated: 27 May 2016 10:46:26