VID 16104
Severity 30
Port 21
Protocol TCP
Class FTP
Detailed Description According to its banner, the PlatinumFTP server has a denial of service vulnerability. PlatinumFTPserver is an FTP server for Microsoft Windows platforms. PlatinumFTPserver versions 1.0.18 and earlier are vulnerable. The vulnerability is reported to occur when a remote user makes 50 or more connections that attempt to authenticate with a malformed user name. By sending a specially-crafted username containing %s%s%s%s, %.1024d, or \, a remote attacker could cause the affected server to stop responding.

* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result might be a false positive.
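
Because the check above is banner-only and no patch is listed, server-side logs are the practical way to confirm whether the described pattern is actually being sent. The following is an added example, not part of this check or of any vendor code: it counts USER commands containing a printf-style conversion or a backslash per source address and reports sources that reach the 50-attempt figure from the description. The log line format, function names and sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

# printf-style conversion (e.g. %s, %.1024d) or a backslash in the USER argument
SUSPICIOUS = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[A-Za-z]|\\")
# Constructed log format (an assumption): "<timestamp> <src_ip> USER <argument>"
LINE = re.compile(r"^\S+ (?P<src>\S+) USER (?P<user>.*)$")
THRESHOLD = 50  # connection count named in the description


def malformed_user_attempts(lines):
    """Count USER commands with format-string or backslash content, per source."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m and SUSPICIOUS.search(m.group("user")):
            counts[m.group("src")] += 1
    return counts


def sources_over_threshold(lines, threshold=THRESHOLD):
    """Return sources whose malformed USER attempts reach the threshold."""
    counts = malformed_user_attempts(lines)
    return sorted(src for src, n in counts.items() if n >= threshold)


def sample_log():
    """Constructed sample data; addresses are from documentation ranges."""
    log = [f"2005-03-15T10:00:{i % 60:02d} 192.0.2.10 USER %s%s%s%s" for i in range(30)]
    log += [f"2005-03-15T10:01:{i % 60:02d} 192.0.2.10 USER %.1024d" for i in range(25)]
    log += ["2005-03-15T10:02:00 198.51.100.7 USER alice",
            "2005-03-15T10:02:05 198.51.100.7 USER bob\\",
            "2005-03-15T10:02:09 203.0.113.4 USER anonymous"]
    return log


if __name__ == "__main__":
    for src in sources_over_threshold(sample_log()):
        print(f"ALERT {src}: >= {THRESHOLD} malformed USER attempts")
```

Adapt the `LINE` pattern to the real log format before use; a lower threshold is useful for spotting isolated probes.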

* References:
http://www.securityfocus.com/archive/1/393038
http://archives.neohapsis.com/archives/bugtraq/2005-03/0208.html

* Platforms Affected:
BYTE/400 LTD, PlatinumFTPserver versions 1.0.18 and earlier
Microsoft Windows Any version
Recommendation No upgrade or patch available as of April 2005.

Upgrade to a version of PlatinumFTPserver later than 1.0.18 once a release that fixes this problem becomes available from the PlatinumFTPserver Web site at http://www.platinumftp.com/platinumftpserver.php
Related URL CVE-2005-0779 (CVE)
Related URL 12790 (SecurityFocus)
Related URL 19674 (ISS)