Vulnerability Description
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wftpd Pro Server Project | Wftpd Pro Server | 3.21 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=107801142924976&w=2Mailing List
- http://secunia.com/advisories/11001Broken Link
- http://www.osvdb.org/4116Broken Link
- http://www.securityfocus.com/bid/9767Broken LinkExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15342Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=107801142924976&w=2Mailing List
- http://secunia.com/advisories/11001Broken Link
- http://www.osvdb.org/4116Broken Link
- http://www.securityfocus.com/bid/9767Broken LinkExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15342Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-0342?
CVE-2004-0342 is a vulnerability with a CVSS score of 5.5 (MEDIUM). WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 ch...
How severe is CVE-2004-0342?
CVE-2004-0342 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0342?
Check the references section above for vendor advisories and patch information. Affected products include: Wftpd Pro Server Project Wftpd Pro Server.