Secunia Security Advisory - A vulnerability has been discovered in httpdx, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
4e406de2978c80e6edb83da36ed088580524beda59529b3a57be5da95d8afe81
----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
httpdx "f_command()" FTP Command Format String Vulnerability
SECUNIA ADVISORY ID:
SA38486
VERIFY ADVISORY:
http://secunia.com/advisories/38486/
DESCRIPTION:
A vulnerability has been discovered in httpdx, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
The vulnerability is caused due to a format string error within the
"f_command()" function in httpdx_src/ftp.cpp, which can be exploited
to cause a crash and potentially execute arbitrary code by sending a
specially crafted FTP command containing format string specifiers to
the server.
The vulnerability is confirmed in version 1.5.2. Other versions may
also be affected.
SOLUTION:
Use in trusted networks only. Block access to the FTP service.
PROVIDED AND/OR DISCOVERED BY:
loneferret
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/11343
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------