| VID |
16109 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
According to its banner, the Inframail FTP server has a buffer overflow vulnerability in the NLST command. Infradig Inframail is an SMTP, POP, HTTP, and FTP server for Microsoft Windows and Linux-based platforms. Inframail Advantage Server Edition version 7.11 and earlier are vulnerable to a buffer overflow in the processing of the FTP NLST command. By sending a specially crafted NLST command with an excessively long argument (around 102,400 bytes), a remote attacker could cause the ifmailsvc.exe process to crash.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result may be a false positive.
* References:
  * http://reedarvin.thearvins.com/20050627-01.html
  * http://secunia.com/advisories/15828/
  * http://www.securiteam.com/securitynews/5HP061PGBK.html
* Platforms Affected:
  * Infradig, Inframail Advantage Server 7.11 and earlier
  * Linux, any version
  * Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of Inframail Advantage Server (7.12 or later), available from the Infradig Web site at http://www.infradig.com/inframail/index.shtml |
| Related URL |
CVE-2005-2085 (CVE) |
| Related URL |
14077 (SecurityFocus) |
| Related URL |
21162 (ISS) |
|