From: Roman B. <bog...@in...> - 2003-09-26 12:31:41
WZDFTPD Security Advisory 2003-.02

Topic: DoS via sending a single CRLF sequence at login

Version: wzdftpd-cvs: source prior to September, 25 2003
         wzdftpd 0.1RC5
         wzdftpd <0.1RC4

Severity: remote denial of service

Fixed: wzdftpd-cvs: September, 25 2003
       wzdftpd 0.1RC5: September, 25 2003
       other versions are not supported

Details: wzdftpd has an internal check during the login process to
verify the input. However, sending a single CRLF sequence at login
will cause an unhandled exception at the server.

Fix: For cvs version users: not vulnerable since Sep, 25 2003
     For wzdftpd 0.1rc5: patch is attached
     For wzdftpd <0.1rc5: You need to upgrade, those versions are no
     longer supported.

Acknowledgements: Thanks to Moran Zavdi from Moozatech IT Systems Ltd [1]

References: Moozatech Advisory [2]
            Original bu...@se... message [3]

[1] http://www.moozatech.com
[2] http://www.moozatech.com/mt-23-09-2003.txt
[3] http://securityfocus.com/archive/1/338631/2003-09-23/2003-09-29/0
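The advisory does not say where in the login check the exception is raised. As an added example (not wzdftpd code and not the attached patch), this C parser for a login-phase control line rejects a bare CRLF before any token is used; the names `parse_login_line` and `ftp_cmd` and the buffer sizes are hypothetical.

```c
/* Added illustration, not wzdftpd source. Hypothetical names throughout.
 * A bare CRLF is reported as PARSE_EMPTY; the caller replies 500 and reads on. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum parse_rc { PARSE_OK = 0, PARSE_EMPTY, PARSE_TOO_LONG, PARSE_BAD_VERB };

struct ftp_cmd {
    char verb[8];      /* upper-cased command verb, e.g. "USER" */
    char arg[256];     /* argument text, may be empty */
};

/* buf/len: raw bytes read from the control connection (not NUL-terminated). */
enum parse_rc parse_login_line(const char *buf, size_t len, struct ftp_cmd *out)
{
    size_t i = 0, v = 0, a;
    memset(out, 0, sizeof *out);
    /* Strip the line terminator: CRLF, or a lone CR / LF. */
    while (len > 0 && (buf[len - 1] == '\r' || buf[len - 1] == '\n'))
        len--;
    /* Skip leading blanks. */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t'))
        i++;
    /* A bare CRLF (or only blanks) leaves nothing to tokenise. */
    if (i == len)
        return PARSE_EMPTY;
    /* Verb: letters only, bounded by the destination buffer. */
    while (i < len && buf[i] != ' ') {
        if (!isalpha((unsigned char)buf[i]) || v >= sizeof out->verb - 1)
            return PARSE_BAD_VERB;
        out->verb[v++] = (char)toupper((unsigned char)buf[i++]);
    }
    while (i < len && buf[i] == ' ')   /* separator between verb and argument */
        i++;
    a = len - i;
    if (a >= sizeof out->arg)
        return PARSE_TOO_LONG;
    memcpy(out->arg, buf + i, a);      /* out->arg is already zero-filled */
    return PARSE_OK;
}

int main(void)
{
    struct ftp_cmd c;
    /* Constructed input: the single CRLF the advisory describes. */
    return parse_login_line("\r\n", 2, &c) == PARSE_EMPTY ? 0 : 1;
}
```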