Denial of Service in WFTPD FTP Server

Reported May 4, 2001, by Joe Testa.

VERSION AFFECTED

  • Texas Imperial Software’s WFTPD Program 3.00R5 for Windows 2000 and Windows NT

DESCRIPTION

A Denial of Service (DoS) condition exists in Texas Imperial Software’s FTP program, WFTPD. If an attacker connects to the FTP server and issues a change directory (CD) command that targets the FTP server’s floppy drive, the server processes this request.

DEMONSTRATION

Joe Testa posted this proof-of-concept code to demonstrate this vulnerability.

VENDOR RESPONSE

The vendor, Texas Imperial Software, will correct this vulnerability in a future release, version 3.1. Meanwhile, to work around the vulnerability, use the FTP server’s BIOS settings to disable the floppy drive.
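
One way to watch for the requests described in this advisory, as an added example (not code from the advisory or the vendor): a Python scan of FTP command logs for change-directory requests that name a floppy drive. The log layout, the sample lines, and the assumption that floppy drives are A: and B: are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: drive letters conventionally assigned to floppy drives on Windows.
FLOPPY_DRIVES = {"A", "B"}
# CWD is the protocol verb behind a client's "cd"; XCWD is its legacy alias (RFC 775).
CHDIR_VERBS = {"CWD", "XCWD"}
# Constructed log layout (not WFTPD's native format): "<timestamp> <client-ip> <VERB> <argument>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]+)(?:\s+(.*))?$")
# Drive-qualified path, optionally preceded by slashes: "a:", "A:\", "/a:/dir"
DRIVE_RE = re.compile(r"^[\\/]*([A-Za-z]):")

def target_drive(argument):
    """Return the upper-cased drive letter a path argument names, or None."""
    cleaned = argument.strip().strip('"\'')
    match = DRIVE_RE.match(cleaned)
    return match.group(1).upper() if match else None

def find_floppy_chdirs(lines):
    """Return (timestamp, client, verb, argument) for each chdir request naming a floppy drive."""
    hits = []
    for line in lines:
        parsed = LINE_RE.match(line.strip())
        if not parsed:
            continue  # line does not follow the assumed layout
        timestamp, client, verb, argument = parsed.groups()
        if verb.upper() not in CHDIR_VERBS or not argument:
            continue
        if target_drive(argument) in FLOPPY_DRIVES:
            hits.append((timestamp, client, verb.upper(), argument.strip()))
    return hits

def clients_by_hits(hits):
    """Count flagged requests per client address, for alerting or blocking decisions."""
    return Counter(client for _, client, _, _ in hits)

SAMPLE_LOG = [  # constructed sample lines using documentation address ranges
    "2001-05-04T10:00:03 192.0.2.10 CWD /pub",
    "2001-05-04T10:00:09 198.51.100.7 CWD a:/",
    "2001-05-04T10:00:10 198.51.100.7 cwd A:\\",
    "2001-05-04T10:00:12 192.0.2.10 CWD c:/data",
    "2001-05-04T10:00:15 203.0.113.5 XCWD /b:/x",
    "2001-05-04T10:00:20 192.0.2.10 RETR a:readme.txt",
]

if __name__ == "__main__":
    flagged = find_floppy_chdirs(SAMPLE_LOG)
    for hit in flagged:
        print(*hit)
    print(clients_by_hits(flagged).most_common())
```
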

 

CREDIT
Discovered by Joe Testa.
