Remote: yes Local: no Credit: Mike Cyr, aka h00die Vulnerable: NASU2FW41 Loader 1.17 Not Vulnerable: Discussion: The FTP server included with the Addonics NAS Adapter is vulnerable to 3 remote BoF conditions which result in a DoS and requires a device reboot as the entire tcp/ip stack is crashed. Exploit: http://milw0rm.com/exploits/8584 the RMDIR, Delete, Rename functions are all vulnerable. Log: Vendor notification March 25, 2009 (ticket 497283) Vendor response March 26, 2009 Milw0rm code release April 1, 2009 Security Focus Notification April 1, 2009 References: Vendor/Product Website: http://www.addonics.com/products/nas/nasu2.asp
