From: pollux <po...@wz...> - 2007-10-28 13:28:16
|
wzdftpd 0.8.3 has been released. This release fixes a security problem (CVE-2007-5300): k1tk4t has discovered a vulnerability in wzdftpd, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. The vulnerability is caused due to an off-by-one error within the "do_login_loop()" function in libwzd-core/wzd_login.c. This can be exploited to cause a stack-based buffer overflow with a zero byte by sending an overly long string to the affected server (over 4095 bytes). The vulnerability is confirmed in version 0.8.2. Other versions may also be affected. Solution: Upgrade to 0.8.3 Other fixes in the release: * Misc problems with TLS (GnuTLS/OpenSSL compatibility) * Some memory leaks with OpenSSL * Better use of PASV range=20 You can download the source code from SourceForge as follows: URL: http://downloads.sourceforge.net/wzdftpd/wzdftpd-0.8.3.tar.gz MD5: 6114c32fc91786d9485fbc10c6306082 SHA1: f47e19b5d9df2b15d27aa73e663bc4da0b9d4a1f |