WFTP Out of Sequence RNTO DoS

2000-07-11T20:48:00
ID OSVDB:365
Type osvdb
Reporter Blue Panda(bluepanda@dwarf.box.sk)
Modified 2000-07-11T20:48:00

Description

Vulnerability Description

WFTPD contains a flaw that may allow a remote denial of service. The issue is triggered when a logged in user issues an out of sequence RNTO command, and will result in loss of availability for the WFTPD service.

Solution Description

Upgrade to version 2.41 RC11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

WFTPD contains a flaw that may allow a remote denial of service. The issue is triggered when a logged in user issues an out of sequence RNTO command, and will result in loss of availability for the WFTPD service.

References:

Vendor URL: http://www.wftpd.com/ Nessus Plugin ID:10466 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0135.html ISS X-Force ID: 4930 CVE-2000-0648 Bugtraq ID: 1456