ID
VAR-201006-0506
TITLE
Sysax Multi Server 'SFTP' Module Denial of Service Vulnerability
Trust: 0.6
DESCRIPTION
Sysax Multi Server is an SSH2 and FTP server for Windows. There are multiple denial of service problems in the Sysax Multi Server SFTP module. Unsafe commands include \"open\", \"unlink\", \"mkdir\", etc., and long strings are not handled correctly. An attacker with valid login credentials can exploit these issues to cause the server to crash, resulting in a denial-of-service condition. Other attacks may also be possible. Sysax Multi Server 5.25 is vulnerable; prior versions may also be affected. Update (June 28, 2010): Assuming the server is running as 'admin', attackers can execute arbitrary code to compromise the application
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
| vendor: | codeorigin | model: | sysax multi server | scope: | eq | version: | 5.25 | Trust: 0.3 |
| vendor: | codeorigin | model: | sysax multi server | scope: | eq | version: | 4.3 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 41013 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-1148 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/archive/1/511911 | Trust: 0.6 |
| url: | http://www.sysax.com/ | Trust: 0.3 |
| url: | /archive/1/512046 | Trust: 0.3 |
| url: | /archive/1/511911 | Trust: 0.3 |
CREDITS
leinakesi
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-1148 |
| db: | BID | id: | 41013 |
LAST UPDATE DATE
2022-05-17T01:53:41.082000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-1148 | date: | 2010-06-22T00:00:00 |
| db: | BID | id: | 41013 | date: | 2010-06-28T17:28:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-1148 | date: | 2010-06-22T00:00:00 |
| db: | BID | id: | 41013 | date: | 2010-06-21T00:00:00 |