From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 24 Jan 2007 20:04:07 +0200
Subject: [NEWS] WzdFTPD hash DoS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20070124180348.B907558D7@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
WzdFTPD hash DoS
------------------------------------------------------------------------
SUMMARY
<http://www.wzdftpd.net/>; WzdFTPD is "a ftp server designed to be modular
and portable, work under linux/win32/freebsd/openbsd, and to be entirely
configurable online using SITE commands. It supports SSL, IPv6,
multithreading, external scripts, and it uses Unix-like permissions and
ACLs, with virtual users and groups".
WzdFTPD project also supports bandwidth limitation (per user, per group,
or globally), group administrators, and per command authorization.
A vulnerability in WzdFTPD allows remote attackers to issue a specially
crafted request to the FTP server causing it to reference a NULL pointer,
causing the program to crash.
DETAILS
Vulnerable Systems:
* WzdFTPD version 8.0
Immune Systems:
* WzdFTPD version 8.1
Workaround:
Add "key != NULL" condition in the chtbl_lookup function of the hash.c
file until vendor solution or upgrade to 8.1.
ADDITIONAL INFORMATION
The information has been provided by <mailto:jesparza@s21sec.com.> Jose
Miguel Esparza.
The original article can be found at:
<http://www.s21sec.com/avisos/s21sec-033-en.txt>;
http://www.s21sec.com/avisos/s21sec-033-en.txt
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
