Menu
▾
▴
wzdftpd-security — Security announces concerning wzdftpd are posted on this list.
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|
From: pollux <po...@wz...> - 2007-10-28 13:28:16
|
wzdftpd 0.8.3 has been released. This release fixes a security problem (CVE-2007-5300): k1tk4t has discovered a vulnerability in wzdftpd, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. The vulnerability is caused due to an off-by-one error within the "do_login_loop()" function in libwzd-core/wzd_login.c. This can be exploited to cause a stack-based buffer overflow with a zero byte by sending an overly long string to the affected server (over 4095 bytes). The vulnerability is confirmed in version 0.8.2. Other versions may also be affected. Solution: Upgrade to 0.8.3 Other fixes in the release: * Misc problems with TLS (GnuTLS/OpenSSL compatibility) * Some memory leaks with OpenSSL * Better use of PASV range=20 You can download the source code from SourceForge as follows: URL: http://downloads.sourceforge.net/wzdftpd/wzdftpd-0.8.3.tar.gz MD5: 6114c32fc91786d9485fbc10c6306082 SHA1: f47e19b5d9df2b15d27aa73e663bc4da0b9d4a1f |
|
From: Pierre C. <chi...@cp...> - 2007-01-31 09:55:08
|
Date: Jan 19 2007 Topic: Unspecified Bug Lets Remote Users Cause Denial of Service Conditions Systems affected: wzdftpd 0.8.0 Platforms: all Severity: medium to high Fixed: wzdftpd 0.8.1 Description: A bug was found in the command parser, resulting in a server crash if the user sends a specially crafted FTP command. This requires an authenticated user. Jose Miguel Esparza of S21Sec discovered this vulnerability. The original advisory is available at: http://www.s21sec.com/avisos/s21sec-033-en.txt Impact: A remote attacker can cause the server to crash, or a denial-of-service situation. We believe that the vulnerability can not be exploited. Solution: Upgrade to version 0.8.1 As a workaround, you can add a "key != NULL" condition in the chtbl_lookup function of the 'libwzd-base/hash.c' file The wzdftpd team. |
|
From: pollux <po...@wz...> - 2005-09-26 09:44:10
|
Date: 26/09/2005 Topic: unsecure use of popen() in wzdftpd <= 0.5.4 Systems affected: wzdftpd 0.5.4 and prior wzdftpd-cvs: source prior to September 26, 2005 Platforms: all Severity: high to critical (remote exploitation possible) Description: wzdftpd offers the possibility to extend site commands by adding custom site commands in configuration file. Some of these commands may be executed using the popen() function, without the necessary checks. This can be exploited by a remote attacker to execute commands as the user running wzdftpd on the server, usually user 'ftp' but it can be root on some systems. The severity is not set to critical since this does not affect the default configuration, as no custom site command is provided. Solution: Temporarily disable any custom site command in the configuration file (directives: cscript and site_cmd) and patch the server with the attached patch (or upgrade to the shortcoming 0.5.5 version). The wzdftpd team. |
|
From: pollux <po...@wz...> - 2004-10-28 12:52:49
|
DATE: 28/10/2004
Topic: multiple vulnerabilities in wzdftpd 0.4.2
Systems affected: wzdftpd 0.4.0, 0.4.1 and 0.4.2
wzdftpd-cvs: source prior October, 20, 2004
Platforms: all
Severity: medium to high
Fixed: wzdftpd 0.4.3
wzdftpd-cvs: October, 20, 2004
Description:
Several different vulnerabilities have been identified in wzdftpd
0.4.2, many of them can lead to a crash or a DoS.
* maximum number of users is not checked correctly when adding users,
causing the server to corrupt groups definitions.
* ident connections were not closed in all cases when many connections
happened in a very short amount of time, causing a file descriptors
leak, and leading to a remote DoS in some cases.
* files with spaces were not handled correctly if using acls but no
generic mode (chmod), causing corruption of .dirinfo
Impact:
A remote attacker can cause the server to crash or a
denial-of-service situation.
Other problems can lead to file corruptions.
Solution:
Upgrade to the 0.4.3 version, available here:
https://sourceforge.net/project/showfiles.php?group_id=78247&package_id=79308&release_id=263573
The wzdftpd team.
|
|
From: pollux <po...@wz...> - 2004-02-15 19:57:08
|
WZDFTPD Security Advisory 2004-02
Topic: possible buffer overflow in LIST command
Version: wzdftpd-cvs: prior Feb, 15 2004
wzdftpd 0.2.1
wzdftpd 0.2
wzdftpd < 0.2
Platform: all platforms
Severity: high
Fixed: wzdftpd-cvs: Feb, 15 2004
wzdftpd 0.2.2
Details:
wzdftpd accepts arguments for the LIST command.
However, length was not correctly tested and can lead to a buffer overflow by
sending a huge buffer.
Successful exploitation may allow execution of arbitrary code on an
affected system, with server privileges.
Fix:
update to lastest CVS version, or 0.2.2
Patch is attached.
Acknowledgements:
Thanks to the ecl-il team for reporting us the problem, and
providing many usefull informations.
|
|
From: pollux <po...@wz...> - 2004-02-13 14:01:25
|
WZDFTPD Security Advisory 2004-01
Topic: crash when using server in PORT mode
Version: wzdftpd-cvs: prior Feb, 13 2004
wzdftpd 0.2
wzdftpd < 0.2
Platform: FreeBSD (all versions)
Severity: medium (remote crash)
Fixed: wzdftpd-cvs: Feb, 13 2004
wzdftpd 0.2.1
Details:
wzdftpd tries to check if network connection is writable before
connecting to a remote host, this mechanism is not supported by FreeBSD
and leads to a crash.
We do not believe this crash to be exploitable.
Fix:
update to lastest CVS version, or 0.2.1.
Patch is attached.
|
|
From: Roman B. <bog...@in...> - 2003-09-26 12:31:41
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
WZDFTPD Security Advisory 2003-.02
Topic: DoS via sending a single CRLF sequence at login
Version: wzdftpd-cvs: source prior September, 25 2003
wzdftpd 0.1RC5
wzdtpd <0.1RC4
Severity: remote denail of service
Fixed: wzdftpd-cvs: September, 25 2003
wzdftpd 0.1RC5: September, 25 2003
other versions are not supported
Details:
wzdftpd has an internal check during the login process to verify the input.
however, sending a single CRLF sequence at login will cause an Unhandled
exception at the server.
Fix:
For cvs version users: not vulnerable since Sep, 25 2003
For wzdftpd 0.1rc5: patch is attached
For wzdftpd <0.1rc5: You need to upgrade, those versions are no longer supported.
Acknowledgements:
Thanks to Moran Zavdi from Moozatech IT Systems Ltd[1]
References:
Moozatech Advisory [2]
Original bu...@se... message [3]
[1] http://www.moozatech.com
[2] http://www.moozatech.com/mt-23-09-2003.txt
[3] http://securityfocus.com/archive/1/338631/2003-09-23/2003-09-29/0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
iQEVAwUBP3QxdCpMDQ8aPhy0AQJTMQf8Cr9yzOUC24ooMoM3Jff1eDNtBhB6MTGz
bGw+WJFffvq40RKEE6q1tTaNttmRzycZa+uIE0InURpnic3oCm6o1xB20SoHEDQC
eE7or0fRoBabCkwtw91yBBhf91NZG4nyepvGsuOZ/eCNm+szWoDLX6c4dArC9e37
pgA2ehRXbY9Lwx/di8lYLzQNH7al3d+5D8hFNfYoWcd1CljQb+x6gCqj/9rldEaU
1d+T82FgaIqAe+gU/sPZBnVOZ8X+PXFqo2Z+38GrMbi+eFCgxRnT3tZv7b5Hbpkj
qFykFO3Q1iPrwdVilGSb9tdfOv404oHYn55TSUpGMOVut1SmgfyFlg==
=cOe1
-----END PGP SIGNATURE-----
|
|
From: pollux <po...@wz...> - 2003-09-26 09:38:15
|
Application: wzdftpd FTP Server Web Site: http://www.wzdftpd.net Versions: 0.1rc5 Platform: Windows 2000,WindowsXP,UNIX systems might also be affected. Risk: Remote DOS. Severity: Medium Fix Available: Yes 1) Bug wzdftpd has an internal check during the login process to verify the input. however, sending a single CRLF sequence at login will cause an Unhandled exception at the server. 2) Fix Upgrade to daily version 20030923 or use CVS code 3) Acknowledgements Thanks to Moozatech Advisory for reporting the problem see http://www.moozatech.com/mt-23-09-2003.txt /P -- In /dev/null no one can here you scream ! // Pollux <po...@wz...> \\ // \\ \\ Creator of wzdftpd -- http://www.wzdftpd.net // \\ // |
