VicFTPS LIST Command Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running VicFTPS FTP Server which is prone to Denial of Service Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code, and can crash the affected application. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

A NULL pointer dereference error exists while processing malformed arguments passed to a LIST command that starts with a '/\/' (forward slash, backward slash, forward slash).

Affected

VicFTPS Version 5.0 and prior on Windows.

References

http://secunia.com/advisories/29943

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-2031, CVE-2008-6829
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Crash SMC AP
Denial of Service vulnerability in AVG Anti-Virus (Linux)
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)

VicFTPS LIST Command Denial of Service Vulnerability

Take action and discover your vulnerabilities