Bugtraq mailing list archives
Addonics NAS Adapter FTP Remote Denial of Service
From: mcyr2 () csc com
Date: Fri, 1 May 2009 08:15:52 -0600
Remote: yes Local: no Credit: Mike Cyr, aka h00die Vulnerable: NASU2FW41 Loader 1.17 Not Vulnerable: Discussion: The FTP server included with the Addonics NAS Adapter is vulnerable to 3 remote BoF conditions which result in a DoS and requires a device reboot as the entire tcp/ip stack is crashed. Exploit: http://milw0rm.com/exploits/8584 the RMDIR, Delete, Rename functions are all vulnerable. Log: Vendor notification March 25, 2009 (ticket 497283) Vendor response March 26, 2009 Milw0rm code release April 1, 2009 Security Focus Notification April 1, 2009 References: Vendor/Product Website: http://www.addonics.com/products/nas/nasu2.asp
Current thread:
- Addonics NAS Adapter FTP Remote Denial of Service mcyr2 (May 01)