
WS_FTP Server Denial of Service Vulnerability

Dec 17, 2003 12:18AM PST

Description:
Dr_insane has reported a vulnerability in WS_FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

Performance on a system running a vulnerable version of WS_FTP Server can be degraded by consuming about 98% CPU resources. This is possible by supplying multiple dots (".") as an argument to the "CWD" command followed by an attempt to create an arbitrary directory with the "MKD" command.

The vulnerability has been confirmed in version 4.02. Other versions may also be affected.

Solution:
Grant only trusted users access.

Filter malicious characters and character sequences in an FTP proxy.

Provided and/or discovered by:
Dr_insane

http://www.secunia.com/advisories/10452/
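
The proxy-side filtering suggested under "Solution" could look like the following. This is an added example, not part of the original post or the advisory. It assumes that a path segment of three or more dots is never legitimate, since the advisory says only "multiple dots", and the names inspect_line, blocked_lines, GUARDED and MAX_LINE are hypothetical.

```python
import re

# Assumption: "." and ".." are legitimate segments; a segment of three or more
# dots is not. The advisory says only "multiple dots", so tune the threshold.
DOT_RUN = re.compile(r"\.{3,}")
GUARDED = {"CWD", "XCWD"}   # commands whose argument is checked
MAX_LINE = 512              # constructed limit for one control-channel line


def inspect_line(raw: bytes):
    """Return (allow, reason) for one client control-channel line."""
    if len(raw) > MAX_LINE:
        return False, "line too long"
    line = raw.rstrip(b"\r\n")
    if any(b < 0x20 or b == 0x7F for b in line):
        return False, "control character in command"
    verb, _, arg = line.decode("latin-1").partition(" ")
    if verb.upper() not in GUARDED:
        return True, "not a guarded command"
    # Windows servers accept both separators, so split on either.
    for segment in re.split(r"[\\/]+", arg.strip()):
        if DOT_RUN.fullmatch(segment):
            return False, f"{verb.upper()} segment of {len(segment)} dots"
    return True, "ok"


def blocked_lines(session):
    """Return (index, reason) for each line a proxy would reject."""
    out = []
    for i, raw in enumerate(session):
        allow, reason = inspect_line(raw)
        if not allow:
            out.append((i, reason))
    return out


# Constructed sample session, not captured traffic.
SAMPLE = [
    b"USER alice\r\n",
    b"CWD ..\r\n",
    b"CWD pub/../incoming\r\n",
    b"cwd .....\r\n",
    b"MKD newdir\r\n",
    b"CWD docs\\....\\x\r\n",
]

if __name__ == "__main__":
    for idx, why in blocked_lines(SAMPLE):
        print(idx, SAMPLE[idx], why)
```

Rejecting the CWD line before it reaches the server means the later MKD never runs in the affected directory context; ordinary ".." navigation still passes.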
