WZDFTPD FTP Command Remote Denial of Service Vulnerability

Bugtraq ID:	22131
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 19 2007 12:00AM
Updated:	Jan 19 2007 12:00AM
Credit:	Jose Miguel Esparza is credited with the discovery of this vulnerability.
Vulnerable:	wzdftpd wzdftpd 0.8 wzdftpd wzdftpd 0.7.3 wzdftpd wzdftpd 0.7.2 wzdftpd wzdftpd 0.7.1 wzdftpd wzdftpd 0.5.4 wzdftpd wzdftpd 0.5.2 wzdftpd wzdftpd 0.1 rc5 wzdftpd wzdftpd 0.1 rc4 wzdftpd wzdftpd 0.1 cvs-20030613 wzdftpd wzdftpd 0.1 wzdftpd wzdftpd 1rc5
Not Vulnerable:	wzdftpd wzdftpd 0.8.1

WZDFTPD FTP Command Remote Denial of Service Vulnerability

WzdFTPD to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

WzdFTPD 0.8.0 and prior versions are vulnerable to this issue.

WZDFTPD FTP Command Remote Denial of Service Vulnerability

Attackers can exploit this issue by using readily available network tools and/or FTP clients.

WZDFTPD FTP Command Remote Denial of Service Vulnerability

Solution:
Reports indicate that this issue is not vulnerable in version 0.8.1. Symantec has not confirmed this.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

WZDFTPD FTP Command Remote Denial of Service Vulnerability

References:

• WzdFTPD Denial of Service (S21Sec)
  
• wzdftpd Homepage (wzdftpd)