CVE-2005-3057

FortiOS < 3.0 MR1 - FTP Anti-Virus Bypass via Early STOR Command

Title source: llm

Description

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

References (6)

Core 6

Core References

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16597

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=113986337408103&w=2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18844

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/0539

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/24624

Scores

EPSS 0.0188

EPSS Percentile 83.4%

Details

Status published

Products (2)

fortinet/fortigate 2.8

fortinet/fortios < 2.8_mr10

Published Dec 31, 2005

Tracked Since Feb 18, 2026