Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WFTPD Pro Server Administrative GUI Denial of Service

Mar 17, 2004 11:38PM PST

Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
WFTPD Pro Server 3.x

DESCRIPTION:
STORM has discovered a vulnerability in WFTPD Pro Server, which can
be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the handling of
various FTP command arguments. This can be exploited to crash the
administrative GUI by supplying an overly long argument (about 300
bytes) to certain FTP commands.

The vulnerability has been reported in version 3.21 Release 1 and 2.

SOLUTION:
Update to version 3.21 Release 3.
http://www.wftpd.com/downloads.htm

http://secunia.com/advisories/11160/

Discussion is locked