Vulnerabilities > CVE-2006-2225 - Authentication Buffer Overflow vulnerability in XM Easy Personal FTP Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | XM Easy Personal FTP Server. CVE-2006-2225. Dos exploit for windows platform |
| id | EDB-ID:1748 |
| last seen | 2016-01-31 |
| modified | 2006-05-04 |
| published | 2006-05-04 |
| reporter | rewterz |
| source | https://www.exploit-db.com/download/1748/ |
| title | XM Easy Personal FTP Server <= 4.3 USER Remote Buffer Overflow PoC |
Nessus
| NASL family | FTP |
| NASL id | XM_EASY_FTP_USER_OVERFLOW.NASL |
| description | The remote host appears to be using XM Easy FTP Server, a personal FTP server for Windows. The version of XM Easy FTP Server installed on the remote host contains a buffer overflow vulnerability that can be exploited by an unauthenticated user with a specially crafted USER command to crash the affected application or execute arbitrary code on the affected host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21338 |
| published | 2006-05-11 |
| reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/21338 |
| title | XM Easy FTP Server USER Command Buffer Overflow |
References
- http://secunia.com/advisories/19970
- http://securityreason.com/securityalert/851
- http://www.osvdb.org/25277
- http://www.osvdb.org/25314
- http://www.securityfocus.com/archive/1/432960/100/0/threaded
- http://www.securityfocus.com/bid/17836
- http://www.vupen.com/english/advisories/2006/1673
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26256