Reported May 4, 2001, by Joe Testa.
Texas Imperial Software’s WFTPD Program 3.00R5 for Windows 2000 and Windows NT
A Denial of Service (DoS) condition exists in Texas Imperial Software’s FTP program, WFTPD. If an attacker connects to the FTP server and issues a change directory (CD) command that targets the FTP server’s floppy drive, the server processes this request.
Joe Testa posted this proof-of-concept code to demonstrate this vulnerability.
The vendor, Texas Imperial Software, will correct this vulnerability in a future release, version 3.1. Meanwhile, to work around the vulnerability, use the BIOS settings on the machine running the FTP server to disable the floppy drive.
Discovered by Joe Testa.