Test ID:	1.3.6.1.4.1.25623.1.0.900260
Category:	FTP
Title:	Home FTp Server DOS And Multiple Directory Traversal Vulnerabilities
Summary:	Home Ftp Server is prone to Denial of Service and Directory Traversal Vulnerabilities using invalid commands.
Description:	Summary: Home Ftp Server is prone to Denial of Service and Directory Traversal Vulnerabilities using invalid commands. Vulnerability Insight: - An error in the handling of multiple 'SITE INDEX' commands can be exploited to stop the server. - An input validation error when handling the MKD FTP command can be exploited to create directories outside the FTP root or create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. Vulnerability Impact: Successful exploitation will allow attackers to cause a Denial of Service or directory traversal attacks on the affected application. Affected Software/OS: Home FTP Server version 1.10.1.139 and prior. Solution: Upgrade to Home FTP Server version 1.10.3.144 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4051 BugTraq ID: 37033 http://www.securityfocus.com/bid/37033 Bugtraq: 20091116 Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/507893/100/0/threaded http://secunia.com/advisories/37381 http://www.vupen.com/english/advisories/2009/3269 Common Vulnerability Exposure (CVE) ID: CVE-2009-4053
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.