| VID |
16096 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The War FTP Daemon, according to its banner, has a denial of service vulnerability in the CWD command. War FTP daemon is very popular FTP server released as freeware, written for personal and professional use on Windows platforms. WarFTPd versions 1.82 RC9 and earlier are vulnerable to a denial of service attack. By issuing a CWD command with a specially crafted pathname including a large string of %s sequences, possibly indicating a format string vulnerability, a remote authenticated attacker could cause the affected server to crash.
* Note: This check solely relied on the banner of the remote FTP server to assess this vulnerability, so this might be a False Positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-01/0311.html
* Platforms Affected:
Jarle Aase, WarFTPd versions 1.82 RC9 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of WarFTPd (1.82 RC10 or later), available from the WarFTPd Web page at http://support.jgaa.com/index.php?cmd=ShowProduct&ID=3 |
| Related URL |
CVE-2005-0312 (CVE) |
| Related URL |
12384 (SecurityFocus) |
| Related URL |
19129 (ISS) |
|
