MidnightBSD

Advisories for crob

CVE-2003-1205 MEDIUM

Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp_server 2.60.1
CVE-2003-1206 MEDIUM

Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp_server 2.60.1
CVE-2003-1207 MEDIUM

Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp_server 3.5.1
CVE-2004-0282 MEDIUM

Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp_server 3.5.2
CVE-2004-2309 LOW

Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp_server 3.5.1
CVE-2005-1873 HIGH

Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
crob crob_ftp 3.6.1