WFTPD 2.4.1RC11 Multiple Vulnerabilities
BID:1506
Info
| Bugtraq ID: | 1506 |
| Class: | Input Validation Error |
| CVE: | CVE-2000-0644, CVE-2000-0645, CVE-2000-0646, CVE-2000-0647 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 21 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Posted to BugTraq on July 21, 2000 by Blue Panda <[email protected]> |
| Vulnerable: | Texas Imperial Software WFTPD 2.40; Texas Imperial Software WFTPD 2.34; Texas Imperial Software WFTPD 2.4.1 RC11; Texas Imperial Software WFTPD 2.4.1 |
| Not Vulnerable: | Texas Imperial Software WFTPD 2.4.1 RC12 |
Discussion
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
1) Issuing a STAT command while a LIST is in progress will cause the FTP server to crash.
2) If the REST command is used to write past the end of a file or to a nonexistent file (with STOU, STOR, or APPE), the FTP server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server are revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the FTP server will crash.
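
A defender's view of the four patterns above, as an added example that is not part of the original advisory: a per-session state machine over FTP control-channel logs that flags each command sequence. The log format (`<session> <C|S> <text>`), the rule names and the sample lines are assumptions constructed for illustration; the reply codes are the standard RFC 959 ones.

```python
# Added example (not from the advisory): flag the four WFTPD command patterns.
# Assumed log format: "<session> <C|S> <text>"; rule names are hypothetical.
from collections import defaultdict

UPLOAD = {"STOU", "STOR", "APPE"}
TRANSFER = UPLOAD | {"LIST", "NLST", "RETR"}
ENDED = {"226", "425", "426", "451", "452", "552"}  # transfer done or aborted

def detect(lines):  # returns [(session, rule), ...] in order of occurrence
    state = defaultdict(lambda: dict(authed=False, pending=None, active=None, rest=False))
    alerts = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[1] not in ("C", "S"):
            continue  # skip malformed lines
        sid, side, text = parts
        st = state[sid]
        if side == "S":  # server reply: update session state only
            code = text[:3]
            if code == "230":
                st["authed"] = True
            elif code in ("125", "150"):  # RFC 959: transfer starting
                st["active"], st["pending"] = st["pending"], None
            elif code in ENDED:
                st["active"] = st["pending"] = None
            continue
        verb = text.split()[0].upper()
        if verb == "MLST" and not st["authed"]:
            alerts.append((sid, "MLST_BEFORE_LOGIN"))  # item 4
        if verb == "STAT" and st["active"]:  # items 1 and 3
            rule = "STAT_DURING_LIST" if st["active"] == "LIST" else "STAT_DURING_TRANSFER"
            alerts.append((sid, rule))
        if verb in UPLOAD and st["rest"]:  # item 2; file size is not visible here
            alerts.append((sid, "REST_BEFORE_UPLOAD"))
        st["rest"] = verb == "REST"
        if verb in TRANSFER:
            st["pending"] = verb
    return alerts

SAMPLE = [  # constructed log lines, not captured traffic
    "a C MLST readme.txt", "b C USER demo", "b S 331 Password required",
    "b C PASS ****", "b S 230 User logged in", "b C LIST",
    "b S 150 Opening data connection", "b C STAT", "b S 226 Transfer complete",
    "b C REST 100000", "b S 350 Restarting", "b C STOR upload.bin",
    "b S 150 Opening data connection", "b S 226 Transfer complete",
    "b C RETR big.iso", "b S 150 Opening data connection", "b C STAT",
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Because the control channel does not expose file sizes, the REST rule flags every restart-then-upload for review rather than only writes past the end of a file.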