Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities

Bugtraq ID:	22152
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Jan 19 2007 12:00AM
Updated:	Jan 25 2007 04:24PM
Credit:	Jose Miguel Esparza is credited with the discovery of these vulnerabilities.
Vulnerable:	wzdftpd wzdftpd 0.8 wzdftpd wzdftpd 0.7.3 wzdftpd wzdftpd 0.7.2 wzdftpd wzdftpd 0.7.1 wzdftpd wzdftpd 0.7 wzdftpd wzdftpd 0.6 wzdftpd wzdftpd 0.5.4 wzdftpd wzdftpd 0.5.2 wzdftpd wzdftpd 0.1 rc5 wzdftpd wzdftpd 0.1 rc4 wzdftpd wzdftpd 0.1 cvs-20030613 wzdftpd wzdftpd 0.1
Not Vulnerable:	wzdftpd wzdftpd 0.8.1

Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities

The 'wzdftpd' program is prone to multiple remote denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.

These issues reportedly affect versions prior to 0.8.1.

Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities

An attacker can exploit these issues through an FTP client.

Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities

Solution:
Reports indicate that these issues have been addressed in version 0.8.1. Symantec was unable to confirm these reports. Please contact the vendor for more information.

Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities

References:

• WzdFTPD Denial of Service (Jose Miguel Esparza ([email protected]))
  
• wzdftpd Homepage (wzdftpd)