Published: 06/12/2007 Updated: 15/09/2009

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote malicious users to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netkit-ftp netkit ftp 0.17

Debian Bug report logs - #454733 linux-ftpd-ssl: CVE-2007-6263 remote denial of service Package: linux-ftpd-ssl; Maintainer for linux-ftpd-ssl is Mats Erik Andersson <matsandersson@gisladiskerse>; Reported by: Nico Golde <nion@debianorg> Date: Fri, 7 Dec 2007 12:48:07 UTC Severity: grave Tags: patch, security Fo ...

CWE-20 http://bugs.gentoo.org/show_bug.cgi?id=199206 http://marc.info/?l=full-disclosure&m=119704348003382&w=2 http://www.gentoo.org/security/en/glsa/glsa-200801-17.xml http://secunia.com/advisories/28697 http://osvdb.org/41191 http://www.securityfocus.com/bid/26763 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454733 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-6263

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect