PT-2014-4183 · Core Ftp · Core Ftp Server
Published
2014-05-02
·
Updated
2014-05-02
·
CVE-2014-1441
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Core FTP Server version 1.2 before build 515
Description
The issue allows remote attackers to cause a denial of service, resulting in a crash, via an AUTH SSL command with malformed data. This can be triggered by sending an AUTH SSL command with specially crafted input, such as pressing the enter key twice.
Recommendations
For Core FTP Server version 1.2 before build 515, update to build 515 or later to resolve the issue. As a temporary workaround, consider restricting access to the AUTH SSL command to minimize the risk of exploitation.
Exploit
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Core Ftp Server