[Wzdftpd-security] WZFTPD Denial Of Service

[pollux <po...@wz...>]

Application: wzdftpd FTP Server
Web Site:    http://www.wzdftpd.net
Versions:    0.1rc5
Platform:    Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk:        Remote DOS.
Severity:    Medium
Fix Available: Yes



1) Bug
wzdftpd has an internal check during the login process to verify the input.
however, sending a single CRLF sequence at login will cause an Unhandled
exception at the server.

2) Fix
Upgrade to daily version 20030923 or use CVS code

3) Acknowledgements
Thanks to Moozatech Advisory for reporting the problem
see http://www.moozatech.com/mt-23-09-2003.txt


/P
-- 
In /dev/null no one can here you scream !

 //        Pollux <po...@wz...>           \\ 
//                                                \\
\\  Creator of wzdftpd -- http://www.wzdftpd.net  //
 \\                                              //