Intuit

**Name of the Vulnerable Software and Affected Versions** Xlight version 1.52 **Description** The issue allows remote attackers to cause a denial of service by requesting a long directory consisting of `.` (dot) and `/` (slash) characters. This causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow. **Recommendations** For Xlight version 1.52, consider disabling the log to screen feature as a temporary workaround to minimize the risk of exploitation. Restrict access to the log file to prevent administrators from viewing it until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Xlight FTP server version 1.52 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a crash, by sending a RETR command with a long argument containing a large number of / (slash) characters. This could potentially trigger a buffer overflow. **Recommendations** For Xlight FTP server version 1.52, consider restricting access to the RETR command or limiting the length of arguments passed to it as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** smallftpd version 0.99 **Description** The issue is related to a buffer overflow that can be triggered by a local user through an FTP request containing a large number of "/" characters, leading to a denial of service (crash). **Recommendations** For smallftpd version 0.99, consider restricting access to the FTP service until a patch is available to prevent potential denial of service attacks. As a temporary workaround, limiting the size of incoming FTP requests may help mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TYPSoft FTP Server version 1.10 **Description** The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by providing certain arguments to various FTP commands. These commands include mkd, xmkd, dele, size, retr, stor, appe, rnfr, rnto, rmd, and xrmd. The denial of service can be triggered using arguments like "//../" followed by arbitrary characters, such as "//../qwerty". **Recommendations** For TYPSoft FTP Server version 1.10, consider restricting or validating user input for the affected FTP commands to prevent the denial of service. As a temporary workaround, limit the ability of authenticated users to execute these commands with suspicious arguments until a more permanent fix is available.