OSVDB ID: 16621

Title: Fastream NETFile FTP/Web Server FTP Bounce Attack

Info

Dates

Disclosure: May 17, 2005

Discovery: Apr 17, 2005

Exploit: May 17, 2005

Solution: Unknown

Description

Unknown or Incomplete

Classification

Unknown or Incomplete

Solution

Upgrade to version 7.6 or higher, which allows FXP to be disabled if it is not required. It is also possible to correct the flaw by implementing the following workarounds:

1. Note that if FXP is enabled, the DoS attack is still possible (i.e. PORT 127,0,0,1,x,y is possible). Hence, if you enable FXP, you should allow only trusted users to log on to your FTP server.
2. Set a strong password for the admin interface.

Products

Fastream Technologies

NETFile FTP/Web Server

7.4.6

References

Credit

  • Tan Chew Keong - vulnsecunia.com - Secunia Research


Direct URL: http://osvdb.org/16621