| Field | Value |
|---|---|
| VID | 23084 |
| Severity | 30 |
| Port | 504 |
| Protocol | TCP |
| Class | Daemon |

**Detailed Description**

The Citadel/UX server, according to its version number, is vulnerable to a denial of service attack in the USER command. Citadel/UX is an open-source Bulletin Board Service (BBS) software for Unix platforms that supports message forums, email, chat, and instant messaging. Citadel/UX versions 6.23 and earlier are vulnerable to a denial of service vulnerability caused by insufficient bounds checking when processing 'USER' command arguments. By connecting to port 504 and sending a USER command containing more than 97 bytes, a remote attacker could overflow a buffer and cause the server to crash.

* Note: This check relies solely on the version number reported by the remote Citadel/UX server to assess this vulnerability, so the result may be a false positive.
* References:
  * http://www.securityfocus.com/archive/1/370475
  * http://www.securityfocus.com/archive/1/370611
  * http://packetstormsecurity.nl/0407-exploits/citadel.advisory-04.txt
  * http://www.securitytracker.com/alerts/2004/Jul/1010809.html
* Platforms Affected: Citadel Project, Citadel/UX 6.23 and earlier; Unix, any version

**Recommendation**

Upgrade to the latest version of Citadel/UX (6.24 or later), available from the Citadel Download Web site at http://uncensored.citadel.org/citadel/download.php

**Related URLs**

| Identifier | Source |
|---|---|
| CVE-2004-1705 | CVE |
| 10833 | SecurityFocus |
| 16840 | ISS |