[Wzdftpd-security] WZDFTPD Security Advisory 2004-01

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

WZDFTPD Security Advisory 2004-01

Topic: crash when using server in PORT mode

Version: wzdftpd-cvs: prior Feb, 13 2004
    wzdftpd 0.2
    wzdftpd < 0.2

Platform: FreeBSD (all versions)

Severity: medium (remote crash)

Fixed: wzdftpd-cvs: Feb, 13 2004
    wzdftpd 0.2.1


Details:

    wzdftpd tries to check if network connection is writable before
connecting to a remote host, this mechanism is not supported by FreeBSD
and leads to a crash.
    We do not believe this crash to be exploitable.

Fix:
    update to lastest CVS version, or 0.2.1.
    Patch is attached.