[sec-adv] MidHosting FTPd Shared Memory Denial of Service Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Jun 19 2003 - 06:38:30 CDT


TITLE:
MidHosting FTPd Shared Memory Denial of Service Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9074/

CRITICAL:
Not critical

IMPACT:
Security Bypass, DoS

WHERE:
Local system

SOFTWARE:
MidHosting FTPd (MHFTPd) 1.x

DESCRIPTION:
A vulnerability has been reported in MidHosting FTPd, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
bypass certain restrictions.

MidHosting FTPd can be configured to disallow multiple simultaneous
connections from the same user by using the "-m" option. However,
insecure permissions are set on the shared memory storing logged-in
users and on the related semaphore files.

This can be exploited by a malicious user to bypass the restriction
or to crash the service by inserting a user name that is not
NULL-terminated.

SOLUTION:
Install the latest version:
http://freeware.tversu.ru/mhftpd/mhftpd.tar.gz

REPORTED BY / CREDITS:
Frank Denis

----------------------------------------------------------------------
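
The two defensive checks the DESCRIPTION implies, as an added example (not MHFTPd code and not part of the advisory): confirm the session table is closed to group and other, and never treat a slot as a C string unless a terminator lies inside it. System V shared memory, the fixed-width slot layout and all names (SLOT_LEN, SLOTS, count_sessions, ...) are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <unistd.h>

#define SLOT_LEN 32  /* assumed: fixed width of one user-name slot */
#define SLOTS    4   /* assumed: number of slots in the table */

/* Private means no access bits at all for group or other. */
static int mode_is_private(unsigned mode) { return (mode & 077) == 0; }

/* 1 if the SysV segment is owned by uid and closed to group/other. */
static int segment_is_private(int shmid, uid_t uid) {
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) != 0) return 0;
    return ds.shm_perm.uid == uid && mode_is_private(ds.shm_perm.mode & 0777);
}

/* Count sessions for user; a slot with no terminator inside SLOT_LEN
   bytes is counted as corrupt and never passed to a string function. */
static int count_sessions(const char *table, const char *user, int *corrupt) {
    int hits = 0;
    *corrupt = 0;
    for (int i = 0; i < SLOTS; i++) {
        const char *slot = table + (size_t)i * SLOT_LEN;
        if (memchr(slot, '\0', SLOT_LEN) == NULL) { (*corrupt)++; continue; }
        if (strcmp(slot, user) == 0) hits++;
    }
    return hits;
}

int main(void) {
    /* Constructed sample: create the table owner-only (0600), then verify. */
    int id = shmget(IPC_PRIVATE, SLOTS * SLOT_LEN, IPC_CREAT | 0600);
    if (id < 0) { perror("shmget"); return 1; }
    char *table = shmat(id, NULL, 0);
    if (table == (void *)-1) { perror("shmat"); shmctl(id, IPC_RMID, NULL); return 1; }
    memset(table, 0, SLOTS * SLOT_LEN);
    strcpy(table, "alice");
    memset(table + SLOT_LEN, 'A', SLOT_LEN);   /* slot with no terminator */
    int corrupt;
    int n = count_sessions(table, "alice", &corrupt);
    printf("private=%d sessions=%d corrupt=%d\n",
           segment_is_private(id, geteuid()), n, corrupt);
    shmdt(table);
    shmctl(id, IPC_RMID, NULL);
    return 0;
}
```

On a system where IPC_STAT shows group or other access bits on an existing segment, `segment_is_private` returns 0; `ipcs -m` displays the same permission field.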