VID | 16121 |
Severity | 40 |
Port | 21 |
Protocol | TCP |
Class | FTP |
Detailed Description |
According to its banner, the remote Gene6 FTP Server is affected by multiple buffer overflow flaws that exist in versions 3.7.0 and earlier. Gene6 FTP Server is an FTP server for Microsoft Windows platforms. The overflows are in the handling of the 'MKD', 'RMD', 'XMKD', and 'XRMD' commands. By sending a specially crafted 'MKD', 'RMD', 'XMKD', or 'XRMD' command, a remote attacker could cause the server to crash or execute arbitrary code on the affected host.
* Note: This check relied solely on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive.
* References:
  * http://www.securityfocus.com/archive/1/432839/30/0/threaded
  * http://www.g6ftpserver.com/forum/index.php?showtopic=2515
  * http://www.frsirt.com/english/advisories/2006/1658
  * http://www.osvdb.org/25238
  * http://secunia.com/advisories/19965
* Platforms Affected:
  * Gene6 FTP Server version 3.7.0 and earlier versions
  * Microsoft Windows (any version) |
Recommendation | Upgrade to the latest version of Gene6 FTP Server (3.8.0 or later), available from the Gene6 FTP Server Web site at http://gene6.com/ |
Related URL | CVE-2006-2172 (CVE) |
Related URL | 17810 (SecurityFocus) |
Related URL | 26237 (ISS) |