2001355 : WFTPD Pro "CWD" command buffer overflow

High RiskHigh Risk

Quick Links

Event description Jump to the top of this document

WFTPD Pro is vulnerable to a denial of service attack caused by a buffer overflow. By sending a 'CWD' command followed by a long character string containing 500 characters or more, a remote attacker can overflow a buffer and cause the server to crash or possibly execute arbitrary code on the server. WFTPD Pro is also vulnerable if a remote attacker sends a 'CWD' or 'RETR' command followed by a long character string containing 32000 characters or more. WFTPD is also vulnerable to this buffer overflow if an attacker sends a 'CWD' or 'LIST' command requesting a directory containing a filename of at least 250 characters.

Products that have this security check Jump to the top of this document

FTP_Retr_Very_Long

This signature examines the file name argument for any "RETR" or "CWD" command. If length exceeds specified tune parameter's value, then issue triggers.

False Positive:The buffer overflow for WFTPD Pro version 3.00 R4 occurs when the filename is 32K bytes or larger in size.

Affected platforms Jump to the top of this document

How to remove this vulnerability Jump to the top of this document

For WFTPD (all versions):
Upgrade to WFTPD (3.10 R1 or later) or (Pro 3.10 R1 or later), available from Texas Imperial Softwares Web site. See References.

References Jump to the top of this document

BugTraq Mailing List, Sat Mar 03 2001 - 12:51:52 CST
WFTPD Pro 3.00 R1 Buffer Overflow
http://archives.neohapsis.com/archives/bugtraq/2001-02/0531.html

Texas Imperial Software Web site
Index of /downloads
http://www.wftpd.com/downloads/

BugTraq Mailing List, Sat May 26 2001 - 03:24:25 CDT
WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS
http://archives.neohapsis.com/archives/bugtraq/2001-05/0249.html

BugTraq Mailing List, Sun Apr 22 2001 - 15:20:00 CDT
WFTPD "Pro" 3.0 R4 Buffer Overflow
http://archives.neohapsis.com/archives/bugtraq/2001-04/0390.html

Texas Imperial Software Web site
WFTPD Pro
http://www.wftpd.com/

Common Vulnerabilities and Exposures
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0296

BugTraq
WFTPD RETR and CWD Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/2644

BugTraq
WFTPD Path/File Mapping Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/2780

Information about this document Jump to the top of this document

The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.

Copyright © 1997 – 2009 IBM Internet Security Systems. All rights reserved.

This page was created on Thu Jun 11 09:06:45 2009