Bugtraq mailing list archives

Potential DOS Vulnerability in WFTPD
From: joetesta () HUSHMAIL COM
Date: Thu, 3 May 2001 22:37:37 -0800

----- Begin Hush Signed Message from joetesta () hushmail com -----

Potential DOS Vulnerability in WFTPD


WFTPD v3.00R5 is an ftp server available from http://www.wftpd.com
and http://www.download.com.  A potential denial-of-service
vulnerability exists which allows a remote attacker to hang the server.


When a user attempts to change the current directory, the server first
queries the directory, then determines if the operation should be
allowed.  This implementation exposes the server to a DOS attack if
a malicious attacker continuously tries to change the current directory
to the server's floppy drive.
    The following is an illustration of the problem:

ftp localhost
Connected to xxxxxxxxxx.rh.rit.edu.
220-This FTP site is running a copy of WFTPD that is NOT REGISTERED
.. <registration nag header is edited out >
220 WFTPD 3.0 service (by Texas Imperial Software) ready for new user
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Give me your password, please
230 Logged in successfully
ftp> cd a:/
501 User is not allowed to change to a:/ - returning to /.

    The server correctly denies the action, but queries the A:\ drive
anyway.  A DOS can be achieved by repeating the 'cd a:/' command
continuously.  The effect of this problem varies depending on
your system configuration.
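The ordering problem above (query the directory first, decide whether the user may go there second) is the whole bug. The following is an added illustration, not WFTPD code and not the advisory's Perl script: a simulated CWD handler in both orderings, with a stand-in filesystem that records every directory probe so the two can be compared. The policy, the reply strings and the class and function names are assumptions made for the example; the server's real permission logic is not known from the advisory.

```python
"""Query-then-authorize versus authorize-then-query for an FTP CWD.

Added example; not WFTPD code.  The filesystem is simulated so that it
runs anywhere, and the cost of a real floppy seek is not modelled: the
point is only how many denied requests ever reach the drive at all.
"""
from typing import List, Optional, Tuple
import posixpath


def is_drive_path(path: str) -> bool:
    """True for Windows-style drive references such as 'a:/' or 'A:\\'."""
    return len(path) >= 2 and path[0].isalpha() and path[1] == ":"


def authorize_cd(current: str, requested: str) -> Optional[str]:
    """Policy check only; performs no filesystem access.  The user's tree
    is rooted at '/' (assumed policy), so drive letters are rejected and
    '..' cannot climb above the root.  Returns the normalised target, or
    None when the change is not allowed."""
    if is_drive_path(requested):
        return None
    cleaned = requested.replace("\\", "/")
    target = posixpath.normpath(posixpath.join(current, cleaned))
    return target if target.startswith("/") else None


class SimulatedFilesystem:
    """Stand-in for the OS that records every directory probe."""

    def __init__(self) -> None:
        self.probes: List[str] = []

    def query_directory(self, path: str) -> bool:
        self.probes.append(path)
        return True  # pretend every path exists; existence is not the point


def cd_query_first(fs: SimulatedFilesystem, current: str,
                   requested: str) -> Tuple[str, str]:
    """Ordering the advisory describes for WFTPD 3.00R5: the directory is
    queried first and the permission check runs afterwards, so a denied
    request has already touched the drive by the time it is refused."""
    fs.query_directory(requested)
    target = authorize_cd(current, requested)
    if target is None:
        return current, (f"501 User is not allowed to change to {requested}"
                         f" - returning to {current}.")
    return target, f"250 Directory changed to {target}"


def cd_authorize_first(fs: SimulatedFilesystem, current: str,
                       requested: str) -> Tuple[str, str]:
    """Corrected ordering: decide from policy alone, and touch the
    filesystem only for requests that policy has already accepted."""
    target = authorize_cd(current, requested)
    if target is None:
        return current, (f"501 User is not allowed to change to {requested}"
                         f" - returning to {current}.")
    if not fs.query_directory(target):
        return current, f"550 {target}: no such directory"
    return target, f"250 Directory changed to {target}"


def drive_probes(fs: SimulatedFilesystem) -> int:
    """Number of recorded probes that reached a drive-letter path."""
    return sum(1 for p in fs.probes if is_drive_path(p))


def replay(handler, attempts: int, requested: str = "a:/") -> Tuple[int, str]:
    """Send the same CWD `attempts` times through `handler` in a fresh
    session; report how many drive probes resulted and the last reply."""
    fs = SimulatedFilesystem()
    cwd, reply = "/", ""
    for _ in range(attempts):
        cwd, reply = handler(fs, cwd, requested)
    return drive_probes(fs), reply


if __name__ == "__main__":
    for name, handler in (("query-first", cd_query_first),
                          ("authorize-first", cd_authorize_first)):
        probes, reply = replay(handler, 1000)
        print(f"{name:16s} drive probes after 1000 denied CWDs: {probes:5d}"
              f"   last reply: {reply}")
```

Both handlers send the client the same 501 reply, which is why the transcript above looks harmless; only the probe count differs, and that count is what a hung floppy seek multiplies. The general rule the example shows is to evaluate authorization on the request string alone, before any operation whose cost the requester controls.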
    An exploit written in PERL is available at:


Disable your floppy drive in your system BIOS if your system configuration
is vulnerable.

    Vendor Status

Texas Imperial Software was contacted via <support () texis com> and
<info () texis com> on Wednesday, April 25, 2001.  Alun Jones, the program
author, verified the behavior and plans on releasing a fix in the v3.1

    - Joe Testa

e-mail:   joetesta () hushmail com
web page: http://hogs.rit.edu/~joet
AIM:      LordSpankatron

----- Begin Hush Signature v1.3 -----
----- End Hush Signature v1.3 -----

This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools
