XM Easy Personal FTP Server USER Command Server Log Format String

2006-05-03T04:17:34
ID OSVDB:25314
Type osvdb
Reporter Sol()
Modified 2006-05-03T04:17:34

Description

Vulnerability Description

XM Easy Personal FTP Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the server log displays format string characters passed to the 'USER' command. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
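
The bug class described above, as an added example that is not taken from the advisory or from the vendor's code: the flawed logging pattern (comment only) next to a hardened logger, a check for format specifiers in a USER argument, and an escaping helper. All function names, the log line layout and the sample peer address are assumptions; the advisory does not show the server's source.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern for this bug class (comment only, never compiled):
 *     snprintf(line, cap, user_arg);    client text becomes the format string */

/* Hardened: constant format; client text is only ever an argument. */
int log_user_command(char *line, size_t cap, const char *peer, const char *user_arg)
{
    int n = snprintf(line, cap, "%s USER %s", peer, user_arg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;   /* -1 on error or truncation */
}

/* Detection aid: count '%' conversions in a USER argument ("%%" is a literal). */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') i++;   /* escaped percent: skip both characters */
        else count++;               /* "%x", "%n", or a trailing lone '%' */
    }
    return count;
}

/* For a log sink that only accepts a format string: double every '%'. */
int escape_percent(char *dst, size_t cap, const char *src)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = (src[i] == '%') ? 2 : 1;
        if (o + need >= cap) return -1;   /* no room left for the terminator */
        if (src[i] == '%')
            dst[o++] = '%';
        dst[o++] = src[i];
    }
    dst[o] = '\0';
    return (int)o;
}

int main(void)
{
    char line[128];
    const char *sample = "%x%x%n";   /* constructed input, logged as plain text */
    if (log_user_command(line, sizeof line, "192.0.2.10", sample) > 0)
        printf("%s (specifiers: %d)\n", line, count_format_specifiers(sample));
    return 0;
}
```
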

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.dxm2008.com/
Secunia Advisory ID: 19970
Related OSVDB ID: 25277
FrSIRT Advisory: ADV-2006-1673