Title: ACLogic CesarFTP Remote Resource Exhaustion Vulnerability
Severity: MODERATE
Description:
CesarFTP is a freely available FTP server application built for the Windows platform.
It has been reported that CesarFTP is prone to a remote resource exhaustion vulnerability. This issue is due to the application failing to properly validate user input.
The problem revolves around the buffer allocated to contain the directory request string supplied by the user. An authenticated user supplying an excessively long string may cause the server to hang due to CPU resource exhaustion. This leaves the server unable to service other requests, denying access to legitimate users.
Successful exploitation of this issue may cause the affected server to hang, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution; however, this has yet to be verified.
This issue has been reported to affect version 0.99e of the software; however, earlier versions may be affected as well.
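For log review of the condition described above, the following added example (not part of the advisory and not CesarFTP code) scans an FTP control-channel transcript for directory commands whose argument is over-long and notes whether the session had authenticated. The transcript format, the command list and the 255-byte limit are assumptions of the example.

```python
import re

# Assumptions of this example, not taken from the advisory: the set of
# commands that carry a directory/path argument and the 255-byte ceiling.
DIR_COMMANDS = {"CWD", "XCWD", "MKD", "XMKD", "RMD", "XRMD", "LIST", "NLST"}
MAX_ARG_BYTES = 255

# Constructed log format: "<session> > <client command>" or "<session> < <server reply>"
LINE = re.compile(r"^(?P<sid>\S+) (?P<dir>[<>]) (?P<text>.*)$", re.DOTALL)

def scan(lines, max_bytes=MAX_ARG_BYTES):
    """Return one alert per directory command whose argument exceeds max_bytes."""
    authed, alerts = set(), []
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line.rstrip("\r\n"))
        if not m:
            continue
        sid, direction, text = m.group("sid", "dir", "text")
        if direction == "<":
            code = text[:3]
            if code == "230":      # 230 = user logged in
                authed.add(sid)
            elif code == "221":    # 221 = control connection closing
                authed.discard(sid)
            continue
        verb, _, arg = text.partition(" ")
        size = len(arg.encode("utf-8", "replace"))
        if verb.upper() in DIR_COMMANDS and size > max_bytes:
            alerts.append({"line": lineno, "session": sid, "command": verb.upper(),
                           "arg_bytes": size, "authenticated": sid in authed})
    return alerts

# Constructed sample transcript (not real traffic).
SAMPLE_LOG = [
    "s1 > USER alice", "s1 < 331 Password required",
    "s1 > PASS ****", "s1 < 230 User logged in",
    "s1 > CWD /pub/docs", "s1 < 250 OK",
    "s2 > USER bob", "s2 < 331 Password required",
    "s2 > PASS ****", "s2 < 230 User logged in",
    "s2 > MKD " + "d" * 1024,   # over-long argument after login
    "s3 > CWD " + "d" * 300,    # over-long argument, session never logged in
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```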
Affected Products:
- ACLogic CesarFTP 0.99.0 e
- ACLogic CesarFTP 0.99.0 g
- Voice Of Web AllMyLinks 0.3.0
- Voice Of Web AllMyLinks 0.4.0
- Voice Of Web AllMyLinks 0.4.1
- Voice Of Web AllMyLinks 0.4.3
- Voice Of Web AllMyLinks 0.4.4
- Voice Of Web AllMyLinks 0.4.9
- Voice Of Web AllMyLinks 0.5.0
References:
- ACLogic: CesarFTP Homepage
- Voice Of Web: AllMyPHP Product Page