ID OSVDB:34889
Type osvdb
Reporter OSVDB
Modified 2007-04-10T07:34:05
Description
Solution Description
Upgrade to version 1.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Vendor URL: http://bftpd.sourceforge.net/
Vendor Specific News/Changelog Entry: http://bftpd.sourceforge.net/downloads/CHANGELOG
Secunia Advisory ID:24864
ISS X-Force ID: 33594
FrSIRT Advisory: ADV-2007-1347
CVE-2007-2010
Bugtraq ID: 23406
{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "## Solution Description\nUpgrade to version 1.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://bftpd.sourceforge.net/\nVendor Specific News/Changelog Entry: http://bftpd.sourceforge.net/downloads/CHANGELOG\n[Secunia Advisory ID:24864](https://secuniaresearch.flexerasoftware.com/advisories/24864/)\nISS X-Force ID: 33594\nFrSIRT Advisory: ADV-2007-1347\n[CVE-2007-2010](https://vulners.com/cve/CVE-2007-2010)\nBugtraq ID: 23406\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:34889", "modified": "2007-04-10T07:34:05", "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-04-28T13:20:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2010"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7589"]}], "modified": "2017-04-28T13:20:31", "rev": 2}, "vulnersScore": 6.2}, "id": "OSVDB:34889", "title": "bftpd GET/MGET Command File Transfer DoS", "edition": 1, "published": "2007-04-10T07:34:05", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "cvelist": ["CVE-2007-2010"], "lastseen": "2017-04-28T13:20:31"}
{"cve": [{"lastseen": "2021-02-02T05:31:22", "description": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.", "edition": 6, "cvss3": {}, "published": "2007-04-12T19:19:00", "title": "CVE-2007-2010", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2010"], "modified": "2017-07-29T01:31:00", "cpe": ["cpe:/a:bftpd:bftpd:1.7.2"], "id": "CVE-2007-2010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2010", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:bftpd:bftpd:1.7.2:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-2010"], "description": "Denial of service on processing GET / MGET commands.", "edition": 1, "modified": "2007-04-16T00:00:00", "published": "2007-04-16T00:00:00", "id": "SECURITYVULNS:VULN:7589", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7589", "title": "bftpd FTP server DoS", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}]}
