NVD

Id
58260  
Name
CVE-2007-6263  
Description
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server"s SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-12-06  
Modified Date
2009-09-15  
Seq
2007-6263  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
298685 58260 CVE-2007-6263 http://bugs.gentoo.org/show_bug.cgi?id=199206  View
298686 58260 CVE-2007-6263 20071207 netkit-ftpd/ftp uninitialized vulnerability  View
298687 58260 CVE-2007-6263 GLSA-200801-17  View
298688 58260 CVE-2007-6263 26763  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
55999 JVNDB-2007-004691 netkit ftpd の dataconn 関数におけるサービス運用妨害 (DoS) の脆弱性 netkit ftpd (netkit-ftpd) の ftpd.c の dataconn 関数は、導入済みのSSL 対応に特定の変更がされた際、未初期化のファイルストリーム上で fclose を呼び出すため、サービス運用妨害 (デーモンクラッシュ) 状態となるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2007-6263 29618 CVE-2007-6263 58260 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004691.html 2007-11-15 2012-09-25 View