| VID |
12020 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The WFTPD is vulnerable to a buffer overflow attack via the conjunction of MKD and CWD commands.
WFTPD is a popular standard FTP service for Windows NT/2000/XP. Some versions of WFTPD contains a remote buffer overflow vulnerability, arises when a remote attacker sends the conjunction of two large commands the MKD and CWD, with an argument a string exact of 255 characters as the fallow :
MKD aaaaa...['a'*300]...aaaaaaaa
CWD aaaaa...['a'*300]...aaaaaaaa
It can overrun the buffer and cause a denial of service on the FTP server. Also, in the worst case, it allows a remote attacker to gain root access and to execute arbitrary code on the server.
* Platforms Affected :
Texas Imperial Software WFTPD 2.34
Texas Imperial Software WFTPD 2.40
Texas Imperial Software WFTPD 3.0
* References:
http://online.securityfocus.com/bid/747
http://www.iss.net/security_center/static/3417.php |
| Recommendation |
Restrict the user to his home directory and below.
1. Open the Security->User Rights from the menu.
2. Choose user (anonymous)
3. Check "Restrict To Home Directory And Below" on the User/Rights Security Dialog windows
-- OR --
Upgrade to WFTPD 3.0R3 or later, available from Texas Imperial Software web site : http://www.wftpd.com/downloads.htm. Now the latest version, WFTPD Pro 3.20 Release 2 version, was released on October 17, 2002. |
| Related URL |
CVE-1999-0950 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
