Advisories

WzdFTPD < 8.1 Denial of Service

ID: CVE-2007-0428  BID-22131  BID-22152

Product: WzdFTPD is an FTP server designed to be modular and portable, to work under Linux/Win32/FreeBSD/OpenBSD, and to be entirely configurable online using SITE commands. It supports SSL, IPv6, multithreading, external scripts, and it uses Unix-like permissions and ACLs, with virtual users and groups.

The WzdFTPD project also supports bandwidth limitation (per user, per group, or globally), group administrators, and per-command authorization.

Scope: Remote Denial of Service

Severity: Medium

Timeline:

  • [2006-12-26] Vulnerability discovered
  • [2007-01-08] Vendor contacted (without answer)
  • [2007-01-19] Vulnerability published
  • [2007-01-31] Patched
     

Platforms: Any

Author: Jose Miguel Esparza

Affected versions: WzdFTPD < 8.1

Description: This vulnerability is due to incorrect truncation of blocks and the subsequent removal of the carriage return (\r), line feed (\n) and horizontal tab (\t) characters after authentication, resulting in a null character that the function chtlb_lookup is not able to handle.

Pwlib/Ekiga Denial of Service

ID: CVE-2007-04897  BID-25642

Product: PWLib is a moderately large C++ class library that originated many years ago as a method to produce applications that run on both Microsoft Windows and Unix X-Windows systems. It was also meant to have a Macintosh port, but this never eventuated. The library is used extensively by many companies for both commercial and Open Source products. The motivation in making PWLib available as Open Source was primarily to support the OpenH323 project, but it is definitely useful as a stand-alone library.

Scope: Remote Denial of Service

Severity: Low-Medium

Timeline:

  • [2007-05-14] Vulnerability discovered
  • [2007-07-09] Vendor contacted
  • [2007-08-15] Ekiga patched
  • [2007-09-11] Vulnerability published
  • [2007-09-27] Pwlib patched
     

Platforms: Any

Author: Jose Miguel Esparza

Affected versions: Pwlib <= 1.10.0 (also the applications which use this library, for example Ekiga <= 2.0.7)

OPAL SIP Protocol Remote Denial of Service

ID: CVE-2007-04924  BID-25955

Product: OPAL (Open Phone Abstraction Layer) is an implementation of various telephony and video communication protocols for use over packet-based networks. It is based on code from the OpenH323 project and adds new features such as a stream-based architecture, better support for re-use or removal of sub-components, and explicit support for additional protocols.

Scope: Remote Denial of Service

Severity: Low-Medium

Timeline:

  • [2007-06-11] Vulnerability discovered
  • [2007-07-09] Vendor contacted
  • [2007-08-15] Patched
  • [2007-09-17] New version released
  • [2007-10-08] Vulnerability published
     

Platforms: Any

Author: Jose Miguel Esparza

Affected versions: OPAL <= 2.2.8 (also the applications which use this library, for example Ekiga <= 2.0.9)

Description: Due to insufficient input validation of the Content-Length field of a SIP request, it is possible to write a null byte, causing a denial of service (crash) of the application using this library.
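The class of check whose absence the description points to, as an added example (not OPAL's code and not part of the original advisory). It assumes the null byte is the string terminator written at the offset taken from Content-Length; the advisory does not show the affected code, and the function names `parse_content_length` and `copy_sip_body` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not OPAL's API: parse a Content-Length value.
 * Returns 0 and stores the length, or -1 if the value is malformed. */
static int parse_content_length(const char *value, size_t *out_len)
{
    char *end;
    unsigned long n;
    while (*value == ' ' || *value == '\t')
        value++;
    if (*value < '0' || *value > '9')    /* rejects "", "-1", "+5", "abc" */
        return -1;
    errno = 0;
    n = strtoul(value, &end, 10);
    while (*end == ' ' || *end == '\t')
        end++;
    if (errno == ERANGE || *end != '\0') /* overflow or trailing garbage */
        return -1;
    *out_len = (size_t)n;
    return 0;
}

/* Copy the entity body into out and NUL-terminate it. received is the
 * number of body bytes actually read. Returns the length, or -1 to reject. */
static long copy_sip_body(const char *cl_value, const char *body,
                          size_t received, char *out, size_t out_cap)
{
    size_t len;
    if (parse_content_length(cl_value, &len) != 0)
        return -1;
    if (len > received || len >= out_cap) /* claim exceeds data or buffer */
        return -1;
    memcpy(out, body, len);
    out[len] = '\0';                      /* index proven inside out */
    return (long)len;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: one honest header, one oversized claim. */
    printf("%ld\n", copy_sip_body("4", "v=0\n", 4, buf, sizeof buf));
    printf("%ld\n", copy_sip_body("99999", "v=0\n", 4, buf, sizeof buf));
    return 0;
}
```

The terminator is written only after the declared length has been bounded by both the bytes received and the destination capacity, so a hostile header value is rejected instead of being used as an index.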

Details:
