zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
The zFTP server is found to be vulnerable to denial of service in handling multiple STAT and CWD command requests.
The zFTP server is a Windows based FTP server with focus on clever Active Directory integration and powerful, effortless administration.
2011-04-13 and earlier
The vendor has released the patched version (http://download.zftpserver.com/zFTPServer_Suite_Setup.exe)
This vulnerability was discovered by Myo Soe, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
2011-06-19: notified vendor through email 2011-10-17: vendor released fixed version, 2011-10-17 2011-10-25: vulnerability disclosed
Original Advisory URL: http://core.yehg.net/lab/pr0js/advisories/%5Bzftpserver_2011-04-13%5D_stat,cwd_dos zFTP Server Home Page: http://zftpserver.com