VAR-201006-0506
Vulnerability from variot - Updated: 2022-05-17 01:53Sysax Multi Server is an SSH2 and FTP server for Windows. There are multiple denial of service problems in the Sysax Multi Server SFTP module. Unsafe commands include \"open\", \"unlink\", \"mkdir\", etc., and long strings are not handled correctly. An attacker with valid login credentials can exploit these issues to cause the server to crash, resulting in a denial-of-service condition. Other attacks may also be possible. Sysax Multi Server 5.25 is vulnerable; prior versions may also be affected. Update (June 28, 2010): Assuming the server is running as 'admin', attackers can execute arbitrary code to compromise the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "sysax multi server",
"scope": "eq",
"trust": 0.3,
"vendor": "codeorigin",
"version": "5.25"
},
{
"model": "sysax multi server",
"scope": "eq",
"trust": 0.3,
"vendor": "codeorigin",
"version": "4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"db": "BID",
"id": "41013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "leinakesi",
"sources": [
{
"db": "BID",
"id": "41013"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sysax Multi Server is an SSH2 and FTP server for Windows. There are multiple denial of service problems in the Sysax Multi Server SFTP module. Unsafe commands include \\\"open\\\", \\\"unlink\\\", \\\"mkdir\\\", etc., and long strings are not handled correctly. \nAn attacker with valid login credentials can exploit these issues to cause the server to crash, resulting in a denial-of-service condition. Other attacks may also be possible. \nSysax Multi Server 5.25 is vulnerable; prior versions may also be affected. \nUpdate (June 28, 2010): Assuming the server is running as \u0027admin\u0027, attackers can execute arbitrary code to compromise the application",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"db": "BID",
"id": "41013"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "41013",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-1148",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"db": "BID",
"id": "41013"
}
]
},
"id": "VAR-201006-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
}
]
},
"last_update_date": "2022-05-17T01:53:41.082000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/511911"
},
{
"trust": 0.3,
"url": "http://www.sysax.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512046"
},
{
"trust": 0.3,
"url": "/archive/1/511911"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"db": "BID",
"id": "41013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"db": "BID",
"id": "41013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"date": "2010-06-21T00:00:00",
"db": "BID",
"id": "41013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1148"
},
{
"date": "2010-06-28T17:28:00",
"db": "BID",
"id": "41013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "41013"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sysax Multi Server \u0027SFTP\u0027 Module Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1148"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "41013"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…