CVE-2012-4729

Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-10/0052.html
http://osvdb.org/86132
http://www.securityfocus.com/bid/55847
http://www.wftpserver.com/serverhistory.htm

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wftpserver:wing_ftp_server::::::::
	cpe:2.3:a:wftpserver:wing_ftp_server:1.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.6:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.0.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.1.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.1.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.8:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.5.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.5.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.5.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.6.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.6.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.6.6:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.6.8:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.7.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.7.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.6:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.7:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.8:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.8.9:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.6:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:4.0.8:::::::*

History

No history.

Information

Published : 2012-10-26 10:39

Updated : 2013-03-02 04:46

NVD link : CVE-2012-4729

Mitre link : CVE-2012-4729

CVE.ORG link : CVE-2012-4729

JSON object : View

Products Affected

wftpserver

wing_ftp_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2012-4729", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-26T10:39:16.250", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0052.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/86132", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/55847", "source": "cve@mitre.org"}, {"url": "http://www.wftpserver.com/serverhistory.htm", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands."}, {"lang": "es", "value": "Wing FTP Server anteriores a v4.1.1 permite a usuarios remotos autenticados a provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de dos comandos zip."}], "lastModified": "2013-03-02T04:46:08.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24125FF0-94E8-4BA0-8B04-4DEEABBCE80C", "versionEndIncluding": "4.0.9"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE985A97-2D41-47DE-A805-7A2FD285165C"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A607B9-05E9-4AAF-8B7E-A5F55AE5F834"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B8CF5F-0149-44EC-9B35-867FFEB15144"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B854DF1-FA49-4015-869C-1A9DBB3452BC"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9678635A-4445-469D-91C0-9519FCEA33D5"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D801B327-DB9F-431C-92E2-F79E18904029"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1798A19-E60D-47B4-A2EC-0BCC055F0E16"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F04AC1A2-2DD0-4830-A0A5-30E8A3D4E489"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD763A5-2FB7-4062-9F7A-D6774052A197"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756C96B8-1848-4E56-8CF8-B991DE039651"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7BE25EE-95B5-41E1-A44E-ADDD38AD6F95"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CDA234C-1233-4534-9564-7AAB96F90FD8"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3AFD7C3-B6CA-43F2-88B7-C2E6A2725FD3"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6538A214-F187-4F3E-8493-AB22F97E5BB3"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D144A158-72F1-4A10-9E53-3CB9D50F9ECF"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F24AE53-EB21-4148-ABA5-87A247404966"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D865E06-5BE1-4F8D-BD38-75C0B4550A28"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AD9989-210A-4C91-A2E6-3F597A6F2DA9"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "654DC106-855A-4615-99EC-5DB7D5A34480"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "488217F9-1CBB-4FEA-9882-EFF98954589E"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE722782-516C-4526-8F81-5CA599B445A3"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8B0ED05-DE40-470A-B567-5B9C78CD469E"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "401056BD-21D4-41A8-80AD-70F77C4CFE07"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0316B82B-B023-4617-B46E-EB691DCDE0CD"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6377DE0A-CE2F-4EF2-9E8F-19F57116274D"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEB4F018-DF57-47DF-8B1E-D385F2A59ACF"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A369660-36FC-41B9-A3C2-76D1E9C805FA"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538982B5-CE3F-43C0-BB95-D17E53B89EF4"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0EB3D4C-DF9A-4BAE-AEE3-81393D67783F"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A902571-BC12-4A17-972B-02C2AEE0978A"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C22576-1E01-4765-9AF9-93AD78358EEE"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26574470-2EA2-4BB3-8435-16BE81D69448"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6603417-A112-4E22-ABDF-4E9919F8C526"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01C9347-1597-4FEF-A58A-03AAB192BCD9"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB8B6632-82EE-4779-8F28-83D3A29E4457"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "952D173B-4A56-4F21-B603-1B0F677F175B"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "145E259D-38EC-4EE9-BA5B-768CCC337040"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "075A7427-6F14-47A0-A3D1-3829449F3F33"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:3.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6686EF31-DF37-4DA7-844A-536433073420"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B2943BA-6893-4E78-9FBD-303672B78179"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "465915AA-A0FD-44B6-BDA8-AFE1B8801A9A"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8DEAE1-EFD6-43F9-963D-818F25C28081"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C033A8E-FB1C-4D49-86FB-83C4984796DF"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA7AF10E-DB42-4228-B063-0AEDE28C0687"}, {"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:4.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D863FF7D-B5CF-425B-AB6E-252224659899"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.8 /10