Multiple WFTPD Vulnerabilities

BID:9767

Info

Bugtraq ID: 9767
Class: Unknown
CVE: CVE-2004-0340
CVE-2004-0341
CVE-2004-0342
Remote: Yes
Local: No
Published: Feb 28 2004 12:00AM
Updated: Jul 12 2009 03:06AM
Credit: Discovered by "axl rose".
Vulnerable: Texas Imperial Software WFTPD Pro 3.21
Texas Imperial Software WFTPD Pro 3.20
Texas Imperial Software WFTPD Pro 3.10 R1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.21
Texas Imperial Software WFTPD 3.20
Texas Imperial Software WFTPD 3.10 R1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0 Pro
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
Texas Imperial Software WFTPD 3.0 0R5 Pro
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0 0R5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0 0R4 Pro
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0 0R4
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0 0R3
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 3.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Not Vulnerable: Texas Imperial Software WFTPD Pro 3.21 R2
Texas Imperial Software WFTPD 3.21 R2

Discussion

Multiple vulnerabilities have been reported to affect versions 3.21 and 3.20 of WFTPD Server and WFTPD Pro Server, including potential denial of service conditions and remote command execution.

The less serious vulnerabilities are the flaws that can be exploited to cause a denial of service. According to the report, the way WFTPD allocates additional memory is flawed, and an attacker can exploit it to exhaust available memory at little cost to themselves. Attackers may also take advantage of a buffer scan operation to spike CPU usage.

The more serious vulnerability is a stack-based buffer overflow condition. The condition is present in the implementation of the FTP commands LIST, NLST, and STAT. To exploit the vulnerability, the attacker must be authenticated as a valid user unless the Secure option in the registry is set to 0. There is a logical error (which may be due to the use of an incorrect macro) in the check that is in place to prevent a buffer overflow. As a result, a string of excessive length can be written to the local buffer, corrupting the process stack.
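The class of defect described above, a length check that compares against the wrong macro, is shown here beside a hardened form as an added illustration. It is not WFTPD code: every function name, macro and size in it is hypothetical, and the oversized argument is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical sizes; none of these names or values come from WFTPD. */
#define CMD_LINE_MAX 512 /* longest command line the server reads */
#define PATH_BUF_LEN 64  /* size of the handler's local buffer    */

/* Flawed guard: meant to protect a PATH_BUF_LEN-byte stack buffer but
 * compares against the wrong macro. Returns 1 when input is let through. */
int flawed_guard_accepts(const char *arg)
{
    return strlen(arg) < CMD_LINE_MAX;
}

/* 1 if arg passes the flawed guard yet cannot fit the buffer it guards. */
int guard_gap(const char *arg)
{
    return flawed_guard_accepts(arg) && strlen(arg) >= PATH_BUF_LEN;
}

/* Hardened copy: bounded by the destination size the caller passes in;
 * truncation is an error, not a silent cut. 0 on success, -1 on reject. */
int build_list_path(char *dst, size_t dst_len, const char *arg)
{
    if (dst == NULL || dst_len == 0 || arg == NULL)
        return -1;
    int n = snprintf(dst, dst_len, "%s", arg);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hardened handler: sizeof ties the bound to the real buffer.
 * Returns the stored length, or -1 when the argument is rejected. */
int handle_list_hardened(const char *arg)
{
    char path[PATH_BUF_LEN];
    if (build_list_path(path, sizeof path, arg) != 0)
        return -1;
    return (int)strlen(path);
}

int main(void)
{
    char big[201] = {0}; /* constructed oversized argument */
    memset(big, 'A', sizeof big - 1);
    printf("gap=%d hardened=%d\n", guard_gap(big), handle_list_hardened(big));
    return 0;
}
```

Deriving the bound from `sizeof` on the destination, rather than from a separately named constant, removes the opportunity to pick the wrong macro.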

Note: Analysis is currently pending. This record will likely be retired as new entries are created for each individual vulnerability.

Solution / Fix

Solution:
The vendor has released WFTPD version 3.21 Release 2 to address these issues.

IMPORTANT NOTE: The vendor has updated the previously released binary without a change in the revision number. This update occurred on March 3, 2004. Any users that updated their software prior to March 4, 2004 are strongly recommended to acquire the current build, which can be found in the same location as the previous build as detailed below.


Texas Imperial Software WFTPD 3.0 0R4 Pro

Texas Imperial Software WFTPD 3.0 0R5 Pro

Texas Imperial Software WFTPD 3.0 Pro

Texas Imperial Software WFTPD 3.0 0R4

Texas Imperial Software WFTPD 3.0 0R3

Texas Imperial Software WFTPD 3.0

Texas Imperial Software WFTPD 3.0 0R5

Texas Imperial Software WFTPD Pro 3.10 R1

Texas Imperial Software WFTPD 3.10 R1

Texas Imperial Software WFTPD Pro 3.20

Texas Imperial Software WFTPD 3.20

Texas Imperial Software WFTPD Pro 3.21

Texas Imperial Software WFTPD 3.21
