Vulnerability Description
The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amax Information Technologies | Magic Winmail Server | 4.0 |
References
- http://marc.info/?l=bugtraq&m=110685011825461&w=2
- http://secunia.com/advisories/14053
- http://securitytracker.com/id?1013017
- http://www.securityfocus.com/bid/12388PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19115
- http://marc.info/?l=bugtraq&m=110685011825461&w=2
- http://secunia.com/advisories/14053
- http://securitytracker.com/id?1013017
- http://www.securityfocus.com/bid/12388PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19115
FAQ
What is CVE-2005-0315?
CVE-2005-0315 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authentic...
How severe is CVE-2005-0315?
CVE-2005-0315 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0315?
Check the references section above for vendor advisories and patch information. Affected products include: Amax Information Technologies Magic Winmail Server.