Info

Disclosure

May 01, 2006

Discovery

Unknown

Dates

Exploit

May 01, 2006

Solution

Unknown

Description

Golden Server Pro contains a flaw that may allow a remote denial of service. The issue is triggered by sending an overly long NLST or APPE command which could overflow a buffer and crash the service, resulting in loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

KMiNT21 Software

Golden FTP Server Pro

2.70

References

Milw0rm: 1743
Exploit Database: 1743
Bugtraq ID: 17801
Secunia Advisory ID: 19917
CVE ID: 2006-2180 (see also: NVD)
ISS X-Force ID: 26195
VUPEN Advisory: ADV-2006-1640
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html
http://archives.neohapsis.com/archives/vuln-dev/2006-q2/0048.html
Vendor URL: http://www.goldenftpserver.com/
Generic Informational URL: http://www.infigo.hr/en/in_focus/tools

Credit

Leon Juranic - infocusinfigo.hr - Infigo Information Security
Jerome Athias - jeromeathias.fr -

Direct URL: http://osvdb.org/25217