Multiple Vendor FTP Server Long Command Handling Security Vulnerability

Bugtraq ID: 31289
Class: Design Error
CVE: CVE-2008-4247
CVE-2008-4242
CVE-2008-7016
Remote: Yes
Local: No
Published: Sep 20 2008 12:00AM
Updated: Jul 13 2010 11:16PM
Credit: Maksymilian Arciemowicz, SecurityReason
Vulnerable: tnftpd tnftpd 20080609
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
SmbFTPD SmbFTPD 2.1
Red Hat Fedora 9
Red Hat Fedora 8
ProFTPD Project ProFTPD 1.3.1
OpenBSD OpenBSD 4.3
NetBSD NetBSD 3.0.2
NetBSD NetBSD 3.0.1
NetBSD NetBSD Current
NetBSD NetBSD 4.0 BETA2
NetBSD NetBSD 4.0
NetBSD NetBSD 4,0_Beta
NetBSD NetBSD 3.1_RC3
NetBSD NetBSD 3.1
Navision Financials Server 3.0
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Luke Mewburn lukemftp 0
FreeBSD FreeBSD 7.1 -RELEASE-p1
FreeBSD FreeBSD 7.1 -PRE-RELEASE
FreeBSD FreeBSD 7.0-STABLE
FreeBSD FreeBSD 7.0-RELEASE
FreeBSD FreeBSD 7.0 -RELENG
FreeBSD FreeBSD 7.0
FreeBSD FreeBSD 6.4 -RELEASE
FreeBSD FreeBSD 6.3 -RELENG
FreeBSD FreeBSD 6.3
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
BSD Perimeter pfSense 1.2.1
BSD Perimeter pfSense 1.2-RC4
BSD Perimeter pfSense 1.2-RC3
BSD Perimeter pfSense 1.2-RC2
BSD Perimeter pfSense 1.2-RC1
BSD Perimeter pfSense 1.2
Not Vulnerable: tnftpd tnftpd 20080929
SmbFTPD SmbFTPD 2.2
BSD Perimeter pfSense 1.2.2


 

Copyright 2010, SecurityFocus