| VID |
12026 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The PlatinumFTP server is vulnerable to a Denial of Service attack via a malformed CD command. The PlatinumFTP server, written by BYTE/400, is an FTP server engine that runs as an application on Windows. It simplifies management of all your FTP clients with regard to exchanging files over an IP connection. The denial of service flaw arises when a remote attacker sends a 'CD' command with "@/.." strings. This can lead to a Denial of Service condition in which the server uses 99% of the CPU time.
* Platforms Affected: PlatinumFTPserver V1.0.6 and V1.0.7
* References: http://online.securityfocus.com/bid/6494 http://www.iss.net/security_center/static/10955.php http://www.securiteam.com/windowsntfocus/5DP0D0U8UC.html |
| Recommendation |
Upgrade to PlatinumFTPserver version 1.0.8 or later, available from the PlatinumFTPserver web site: http://www.platinumftp.com/platinumftpserver.php The latest version, PlatinumFTPserver 1.0.9, was released on Feb. 2, 2003. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|