CVE-2008-0406 Information

Description

HTTP File Server (HFS) before 2.2c when account names are used as log filenames allows remote attackers to cause a denial of service (daemon crash) via a long account name.

Reference

http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3581 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486873/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-log.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39875