WFTPD Server GUI Remote Denial Of Service Vulnerability

Bugtraq ID:	9908
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 17 2004 12:00AM
Updated:	Mar 17 2004 12:00AM
Credit:	Discovery of this vulnerability has been credited to STORM <[email protected]>.
Vulnerable:	Texas Imperial Software WFTPD Pro 3.21 R2 Texas Imperial Software WFTPD Pro 3.21 R1 Texas Imperial Software WFTPD 3.21 R2 Texas Imperial Software WFTPD 3.21 R1
Not Vulnerable:	Texas Imperial Software WFTPD Pro 3.21 R3 Texas Imperial Software WFTPD 3.21 R3

WFTPD Server GUI Remote Denial Of Service Vulnerability

WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.

WFTPD Server GUI Remote Denial Of Service Vulnerability

The following proof of concept exploit has been supplied:

• /data/vulnerabilities/exploits/WFTPD-GuiDoS.pl

WFTPD Server GUI Remote Denial Of Service Vulnerability

Solution:
The vendor has released updates to address this issue:


Texas Imperial Software WFTPD 3.21 R2

• Texas Imperial Software 32wfd321.zip
  http://www.wftpd.com/downloads/32wfd321.zip

Texas Imperial Software WFTPD Pro 3.21 R1

• Texas Imperial Software protr321.zip
  http://www.wftpd.com/downloads/protr321.zip

Texas Imperial Software WFTPD 3.21 R1

• Texas Imperial Software 32wfd321.zip
  http://www.wftpd.com/downloads/32wfd321.zip

Texas Imperial Software WFTPD Pro 3.21 R2

• Texas Imperial Software protr321.zip
  http://www.wftpd.com/downloads/protr321.zip

WFTPD Server GUI Remote Denial Of Service Vulnerability

References:

• WFTPD Homepage (Texas Imperial Software)