Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.FTP_XLIGHT_OVERFLOW.NASL
HistoryFeb 16, 2004 - 12:00 a.m.

Xlight FTP Server Multiple Remote Overflows

2004-02-1600:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.09 Low

EPSS

Percentile

94.6%

JSON

The remot ehost is running a verion of the Xlight FTP server earlier than 1.53. Such versions are reportedly affected by multiple remote buffer overflow vulnerabilities. An attacker could exploit these flaws in order to crash the affected service.

#
# (C) Tenable Network Security, Inc.
# 

# Ref:
# From: "intuit e.b." <[email protected]>
# To: [email protected]
# Date: Sun, 15 Feb 2004 20:51:45 +0800
# Subject: Xlight ftp server 1.52 RETR bug


include("compat.inc");

if(description)
{
 script_id(12056);
 script_cve_id("CVE-2004-0255", "CVE-2004-0287");
 script_bugtraq_id(9585, 9627, 9668);
 script_version ("1.23");
 
 script_name(english:"Xlight FTP Server Multiple Remote Overflows");
 script_summary(english:"Xlight Stack Overflow");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by multiple remote buffer overflow
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remot ehost is running a verion of the Xlight FTP server earlier
than 1.53. Such versions are reportedly affected by multiple remote
buffer overflow vulnerabilities. An attacker could exploit these flaws
in order to crash the affected service." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Feb/418" );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=107605633904122&w=2" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Xlight server 1.53 or later, as this reportedly fixes the
issue." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
		 
		 
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/05");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();


 
 script_category(ACT_GATHER_INFO);
 script_family(english:"FTP");
 
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
		  
 script_require_ports("Services/ftp", 21);
 script_dependencie("ftpserver_detect_type_nd_version.nasl", "ftp_anonymous.nasl");

 exit(0);
}

include("ftp_func.inc");

port = get_ftp_port(default: 21);

banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1);

if(egrep(pattern:"Xlight server v(0\..*|1\.([0-4][0-9]|5[0-2])[^0-9])", string:banner))security_warning(port);

Related

cvelist 2
nvd 2
cve 2
cvelist
cvelist
CVE-2004-0255
2004-03-18 05:00:00
CVE-2004-0287
2004-03-18 05:00:00
nvd
nvd
CVE-2004-0255
2004-11-23 05:00:00
CVE-2004-0287
2004-11-23 05:00:00
cve
cve
CVE-2004-0287
2004-11-23 05:00:00
CVE-2004-0255
2004-11-23 05:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.09 Low

EPSS

Percentile

94.6%

JSON
Related for FTP_XLIGHT_OVERFLOW.NASL
cvelist2nvd2cve2