War FTP Daemon Remote Denial Of Service Vulnerability

Bugtraq ID:	12384
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 27 2005 12:00AM
Updated:	Jan 27 2005 12:00AM
Credit:	Discovery is credited to MC.Iglo <[email protected]>.
Vulnerable:	War FTP Daemon War FTP Daemon 1.82 RC9 War FTP Daemon War FTP Daemon 1.8
Not Vulnerable:	War FTP Daemon War FTP Daemon 1.82 RC10

War FTP Daemon Remote Denial Of Service Vulnerability

War FTP Daemon is reported prone to a remote denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner.

War FTP Daemon 1.82.00-RC9 is reported prone to this issue. It is likely that previous versions are vulnerable as well.

War FTP Daemon Remote Denial Of Service Vulnerability

An exploit is not required.

The following proof of concept is available:

• /data/vulnerabilities/exploits/WarFTPD_dos.pl

War FTP Daemon Remote Denial Of Service Vulnerability

Solution:
The vendor has released War FTP Daemon 1.82.00-RC10 to address this issue.


War FTP Daemon War FTP Daemon 1.8

• War FTP Daemon warftpd-1.82-00-RC10-i386.exe
  ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/1.7_Series/i386/w arftpd-1.82-00-RC10-i386.exe

War FTP Daemon War FTP Daemon 1.82 RC9

• War FTP Daemon warftpd-1.82-00-RC10-i386.exe
  ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/1.7_Series/i386/w arftpd-1.82-00-RC10-i386.exe

War FTP Daemon Remote Denial Of Service Vulnerability

References:

• Denial of Service vulnerability (War FTP Daemon)
  
• Vendor Homepage (War FTP Daemon)
  
• WarFTPD 1.82 RC9 DoS ("MC.Iglo" )