CVE

Id
8683  
CVE No.
CVE-2004-0255  
Status
Candidate  
Description
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.  
Phase
Proposed (20040318)  
Votes
NOOP(4) Armstrong, Cole, Cox, Wall | REVIEWING(1) Christey  
Comments
Christey> MISC:http://www.xlightftpd.com/forum/viewtopic.php?t=40 | In the above URL, the vendor says that only one of 3 bugs | reported in February 2004 were an "actual server bug," and the other 2 | "traced back into windows" dll and they won"t happen if windows | service pack is installed. | | The "actual server bug" is CVE-2004-0287. The demonstration | for *this* issue shows that the application breaks in comctl32.dll. | So, this candidate may be erroneous, and an interesting side effect of | another bug that"s not related to xlight at all. | | Thus, this candidate may need to be REJECTED.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
54681 8683 CVE-2004-0255 BUGTRAQ:20040205 Remote crash Xlight ftp server 1.52  View
54682 8683 CVE-2004-0255 URL:http://marc.info/?l=bugtraq&m=107605633904122&w=2  View
54683 8683 CVE-2004-0255 XF:xlight-long-string-dos(15064)  View
54684 8683 CVE-2004-0255 URL:http://xforce.iss.net/xforce/xfdb/15064  View
54685 8683 CVE-2004-0255 BID:9585  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
62686 JVNDB-2004-000027 GNU Libtool におけるセキュリティ上不適切な方法で作成される一時ファイルの脆弱性 GNU Libtool には、コンパイルモードで共有ライブラリを作成する際に、セキュリティ上不適切な方法で一時ファイルを作成するため、シンボリックリンク攻撃を受ける脆弱性が存在します。 CVE-2004-0256 8683 2.1 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000027.html  View