TITLE:
Telnet-Ftp Service Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34414

VERIFY ADVISORY:
http://secunia.com/advisories/34414/

DESCRIPTION:
Some vulnerabilities have been discovered in Telnet-Ftp Service Server, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).

1) An input validation error when handling FTP "DELE", "MKD", and "RMD" requests can be exploited to escape the FTP root and manipulate arbitrary directories and files on the system via directory traversal attacks using the "../" character sequence.

2) An error exists in the handling of "RETR" commands. This can be exploited to crash the service by sending multiple "RETR" requests with no arguments.

The vulnerabilities are confirmed in version 1.0 build 1.218 trial. Other versions may also be affected.

SOLUTION:
Grant trusted users access only.

PROVIDED AND/OR DISCOVERED BY:
Jonathan Salwan

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8273
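The two missing checks described above, sketched as an added example (not code from the vendor or from the advisory): arguments to "DELE", "MKD", "RMD" and "RETR" are resolved against the FTP root and rejected if they land outside it, and a missing argument gets a 501 reply instead of reaching the handler. The names check_command, resolve and FtpReply are hypothetical, and treating "\" like "/" is an assumption made because the product runs on Windows.

```python
import os

# Commands that need a path argument; these are the four the advisory names.
NEEDS_PATH = {"DELE", "MKD", "RMD", "RETR"}

class FtpReply(Exception):
    """Carries an FTP reply code back to the client instead of crashing."""
    def __init__(self, code, text):
        super().__init__(f"{code} {text}")
        self.code = code

def resolve(ftp_root, virtual_cwd, arg):
    """Map a client-supplied path to a real path confined to ftp_root."""
    if "\x00" in arg:
        raise FtpReply(501, "Invalid path")
    arg = arg.replace("\\", "/")  # assumption: treat Windows separators like "/"
    virtual = arg if arg.startswith("/") else virtual_cwd + "/" + arg
    root = os.path.realpath(ftp_root)
    # realpath collapses "../" and follows symlinks before the comparison.
    real = os.path.realpath(os.path.join(root, virtual.lstrip("/")))
    try:
        inside = os.path.commonpath([root, real]) == root
    except ValueError:  # e.g. a different drive letter on Windows
        inside = False
    if not inside:
        raise FtpReply(550, "Path is outside the FTP root")
    return real

def check_command(line, ftp_root, virtual_cwd="/"):
    """Parse one command line; return (verb, real_path) or raise FtpReply."""
    verb, _, arg = line.strip().partition(" ")
    verb, arg = verb.upper(), arg.strip()
    if verb in NEEDS_PATH:
        if not arg:
            raise FtpReply(501, f"{verb} requires an argument")
        return verb, resolve(ftp_root, virtual_cwd, arg)
    return verb, None
```

The check compares resolved paths rather than searching the argument for "../", so equivalent spellings of the same traversal are rejected as well.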