RaidenFTPd IXceedCompression multiple denial of service vulnerabilities

2007.04.26

Credit: Michal Bucko

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-2179

CWE: CWE-Other

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

Synopsis: RaidenFTPd IXceedCompression multiple denial of service
vulnerabilities
Product: RaidenFTP
Version: 2.4
Author: sapheal
Issue:
======
RaidenFTP XceddZipLib (RaidenFTPD.dll) is prone to multiple
remote denial of service vulnerabilities.
Details:
========
Funcions: CalculateCrc, Compress and Uncompress cannot properly handle
the given input. Successful exploitation of the issue allows
local attackers to trigger the application's crash (due to null pointer
dereference).
Credits:
========
Michal Bucko (sapheal), hackpl
Disclaimer:
===========
This document and all the information it contains are provided "as is",
for educational purposes only, without warranty of any kind, whether
express or implied.
The authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of the information provided in
this document. Liability claims regarding damage caused by the use of
any information provided, including any kind of information which is
incomplete or incorrect, will therefore be rejected.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

RaidenFTPd IXceedCompression multiple denial of service vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.