Vulnerabilities > CVE-2009-4593 - Remote Denial of Service vulnerability in Bftpd

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

jesse-smith

NVD

Published: 2010-01-07

Updated: 2010-01-08

Summary

The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Jesse_Smith Jesse Smith Bftpd 1.6 Jesse Smith Bftpd 1.7 Jesse Smith Bftpd 1.7.2 Jesse Smith Bftpd 1.8 Jesse Smith Bftpd 2.0.2 Jesse Smith Bftpd 2.0.3 Jesse Smith Bftpd 2.1 Jesse Smith Bftpd 2.1.1 Jesse Smith Bftpd 2.1.2 Jesse Smith Bftpd 2.2 Jesse Smith Bftpd 2.2.1 Jesse Smith Bftpd *	12

Summary

Vulnerable Configurations

References