PT-2007-6632 · 3Proxy · 3Proxy
Published
2007-10-29
·
Updated
2018-10-15
·
CVE-2007-5622
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
3proxy versions 0.5 through 0.5.3i
Description
A double free issue in the ftpprchild function in ftppr allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending multiple OPEN commands to the FTP proxy.
Recommendations
For versions 0.5 through 0.5.3i, consider restricting access to the FTP proxy to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the number of OPEN commands to the FTP proxy may help mitigate the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3Proxy