PT-2005-1393 · Magic · Magic Winmail Server

Tan Chew Keong

Publicado

2005-01-27

Atualizado

2017-07-11

CVE-2005-0315

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Magic Winmail Server version 4.0 Build 1112

Description The issue concerns the FTP service, which fails to verify if the IP address in a PORT command matches the IP address of the user's FTP session. This allows remote authenticated users to utilize the server for port scanning.

Recommendations For Magic Winmail Server version 4.0 Build 1112, consider restricting access to the FTP service until a fix is available, or apply configuration changes to verify the IP address in PORT commands to prevent unauthorized use.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-0315

Produtos afetados

Magic Winmail Server

PT-2005-1393 · Magic · Magic Winmail Server

CVE-2005-0315

Identificadores relacionados

Produtos afetados

Referências · 7