<<< Date Index >>>     <<< Thread Index >>>

RaidenFTPd IXceedCompression multiple denial of service vulnerabilities



Synopsis:  RaidenFTPd IXceedCompression multiple denial of service 
vulnerabilities
Product:   RaidenFTP
Version:   2.4

Author:    sapheal



Issue:
======

RaidenFTP XceddZipLib (RaidenFTPD.dll) is prone to multiple 
remote denial of service vulnerabilities.


Details:
========

Funcions: CalculateCrc, Compress and Uncompress cannot properly handle
the given input. Successful exploitation of  the issue allows
local attackers to trigger the application's crash (due to null pointer
dereference). 



Credits:
========

Michal Bucko (sapheal), hackpl



Disclaimer:
===========

This  document and all the information it contains are provided "as is",
for educational purposes only, without warranty  of  any  kind,  whether
express or implied.

The  authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of  the  information   provided  in
this  document.  Liability  claims regarding damage caused by the use of
any information provided, including any kind  of  information  which  is
incomplete or incorrect, will therefore be rejected.