CVE-2007-5256

Name of the Vulnerable Software and Affected Versions: FSD versions 2.052 d9 and earlier FSFDT FSD versions 3.000 d9 and earlier

Description: The issue allows remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc. Additionally, remote authenticated users can execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc.

Recommendations: For FSD versions 2.052 d9 and earlier, consider restricting access to TCP port 3010 and the sysuser::exechelp function until a patch is available. For FSFDT FSD versions 3.000 d9 and earlier, restrict access to TCP port 6809 and the servinterface::sendmulticast function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.