WS_FTP Path Parsing Remote DoS

2004-08-31T06:05:24
ID OSVDB:9382
Type osvdb
Reporter lion(lion@cnhonker.net)
Modified 2004-08-31T06:05:24

Description

Vulnerability Description

WS_FTP Server version contains a flaw that may allow a remote denial of service. The issue is triggered in the file path parse module which will cause the FTP server to consume large amounts of CPU power. When this occurs, it will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict access to the FTP server and disallow anonymous usage.

Short Description

WS_FTP Server version contains a flaw that may allow a remote denial of service. The issue is triggered in the file path parse module which will cause the FTP server to consume large amounts of CPU power. When this occurs, it will result in loss of availability for the service.

References:

Security Tracker: 1011095 Secunia Advisory ID:12406 Nessus Plugin ID:14584 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0395.html CVE-2004-1643 Bugtraq ID: 11065