PT-2005-1393 · Magic · Magic Winmail Server

Tan Chew Keong

Published

2005-01-27

Updated

2017-07-11

CVE-2005-0315

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Magic Winmail Server version 4.0 Build 1112

Description The issue concerns the FTP service, which fails to verify if the IP address in a PORT command matches the IP address of the user's FTP session. This allows remote authenticated users to utilize the server for port scanning.

Recommendations For Magic Winmail Server version 4.0 Build 1112, consider restricting access to the FTP service until a fix is available, or apply configuration changes to verify the IP address in PORT commands to prevent unauthorized use.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0315

Affected Products

Magic Winmail Server

PT-2005-1393 · Magic · Magic Winmail Server

CVE-2005-0315

Related Identifiers

Affected Products

References · 7