CVE Vulnerabilities

CVE-2004-0255

Published: Nov 23, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.

Affected Software

Name Vendor Start Version End Version
Xlight_ftp_server Xlight_ftp_server 1.25 (including) 1.25 (including)
Xlight_ftp_server Xlight_ftp_server 1.41 (including) 1.41 (including)
Xlight_ftp_server Xlight_ftp_server 1.45 (including) 1.45 (including)
Xlight_ftp_server Xlight_ftp_server 1.52 (including) 1.52 (including)

References