SecurityReason.com - Our Reason is Security


Topic : WzdFTPD < 8.1 Denial of service

SecurityAlert : 2171
CVE : CVE-2007-0428
SecurityRisk : Low
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : Jose Miguel Esparza
Published : 24.01.2007

Affected Software : WzdFTPD < 8.1



Advisory Content :

##############################################################

- S21Sec Advisory -

##############################################################

Title: WzdFTPD Denial of Service
ID: S21SEC-033-en
Severity: Medium - Denial of Service
History: 26.Dec.2006 Vulnerability discovered
         08.Jan.2007 Vendor contacted

Scope: FTP Server Denial of Service
Platforms: Any
Author: Jose Miguel Esparza (jesparza (at) s21sec (dot) com)
URL: http://www.s21sec.com/avisos/s21sec-033-en.txt
Release: Public

[ SUMMARY ]

WzdFTPD is an FTP server designed to be modular and portable, to work
under Linux/Win32/FreeBSD/OpenBSD, and to be entirely configurable
online using SITE commands. It supports SSL, IPv6, multithreading and
external scripts, and it uses Unix-like permissions and ACLs, with
virtual users and groups.

The WzdFTPD project also supports bandwidth limitation (per user, per
group, or globally), group administrators, and per-command
authorization.

[ AFFECTED VERSIONS ]

The following versions are affected by this issue:

- WzdFTPD v8.0 and prior.
- The latest version (8.1) is not affected by this vulnerability.

[ DESCRIPTION ]

It is possible to cause a denial of service by sending a specially
crafted FTP command. The advisory gives no further detail on the command
itself; the workaround below shows where the crash occurs: the
chtbl_lookup function in hash.c is reached with a NULL key, which the
affected versions use without checking it first.

[ WORKAROUND ]

Add a "key != NULL" check to the chtbl_lookup function in hash.c until
a vendor fix is available, or upgrade to 8.1.
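The description and workaround above say only that chtbl_lookup in hash.c must reject a NULL key. The following is an added example, written for this page and not taken from wzdftpd's hash.c, of what that guard looks like in a chained hash table used for FTP command dispatch. The type and function names (CHTbl, chtbl_init, chtbl_insert, chtbl_lookup, chtbl_lookup_unguarded, ftp_verb, ftp_dispatch) are assumptions modelled on the one function name the advisory mentions; the request lines are constructed, and the verb-less line used here to hand the lookup a NULL key is only an illustration, since the page does not say which input did so in wzdftpd.

```c
/* Added example: a minimal chained hash table for FTP command dispatch,
 * showing the "key != NULL" guard the advisory recommends for chtbl_lookup.
 * This is not wzdftpd's hash.c; CHTbl, chtbl_*, ftp_verb and ftp_dispatch
 * are assumed names modelled on the function the advisory mentions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHTBL_BUCKETS 16

typedef struct chtbl_entry {
    char *key;                  /* command verb, e.g. "USER" */
    int handler_id;             /* stand-in for a handler function pointer */
    struct chtbl_entry *next;
} chtbl_entry;

typedef struct {
    chtbl_entry *bucket[CHTBL_BUCKETS];
} CHTbl;

/* djb2 string hash. It reads through key, so a NULL key faults here. */
static unsigned chtbl_hash(const char *key)
{
    unsigned h = 5381;
    for (; *key != '\0'; key++)
        h = h * 33 + (unsigned char)*key;
    return h % CHTBL_BUCKETS;
}

void chtbl_init(CHTbl *t)
{
    memset(t, 0, sizeof *t);
}

int chtbl_insert(CHTbl *t, const char *key, int handler_id)
{
    if (key == NULL)
        return -1;
    chtbl_entry *e = malloc(sizeof *e);
    if (e == NULL)
        return -1;
    size_t len = strlen(key) + 1;
    e->key = malloc(len);
    if (e->key == NULL) {
        free(e);
        return -1;
    }
    memcpy(e->key, key, len);
    e->handler_id = handler_id;
    unsigned b = chtbl_hash(key);
    e->next = t->bucket[b];
    t->bucket[b] = e;
    return 0;
}

/* Unguarded lookup, as in the affected versions: a NULL key reaches
 * chtbl_hash() and strcmp() and the process faults. Never call with NULL. */
chtbl_entry *chtbl_lookup_unguarded(const CHTbl *t, const char *key)
{
    for (chtbl_entry *e = t->bucket[chtbl_hash(key)]; e != NULL; e = e->next)
        if (strcmp(e->key, key) == 0)
            return e;
    return NULL;
}

/* Guarded lookup: the "key != NULL" condition from the workaround. A NULL
 * key is simply "not found" and the caller answers with an FTP error. */
chtbl_entry *chtbl_lookup(const CHTbl *t, const char *key)
{
    if (key == NULL)
        return NULL;
    for (chtbl_entry *e = t->bucket[chtbl_hash(key)]; e != NULL; e = e->next)
        if (strcmp(e->key, key) == 0)
            return e;
    return NULL;
}

/* Copy the command verb of one request line into buf. Returns NULL when the
 * line has no verb (or it is too long): the constructed edge case used here
 * to hand the lookup a NULL key; the page does not say what input did so. */
const char *ftp_verb(const char *line, char *buf, size_t buflen)
{
    line += strspn(line, " \t");
    size_t len = strcspn(line, " \t\r\n");
    if (len == 0 || len >= buflen)
        return NULL;
    memcpy(buf, line, len);
    buf[len] = '\0';
    return buf;
}

/* Dispatch one request line: handler id of the verb, or -1 (reply "500"). */
int ftp_dispatch(const CHTbl *t, const char *line)
{
    char verb[16];
    const chtbl_entry *e = chtbl_lookup(t, ftp_verb(line, verb, sizeof verb));
    return e != NULL ? e->handler_id : -1;
}

int main(void)
{
    CHTbl t;
    chtbl_init(&t);
    chtbl_insert(&t, "USER", 1);
    chtbl_insert(&t, "PASS", 2);
    chtbl_insert(&t, "QUIT", 3);
    /* Constructed request lines: a known verb, an unknown verb, no verb. */
    printf("USER anonymous -> %d\n", ftp_dispatch(&t, "USER anonymous\r\n"));
    printf("NOOP           -> %d\n", ftp_dispatch(&t, "NOOP\r\n"));
    printf("(empty line)   -> %d\n", ftp_dispatch(&t, "\r\n"));
    /* The empty line through the unguarded lookup would fault instead:
     * chtbl_lookup_unguarded(&t, NULL); */
    return 0;
}
```

Any C99 compiler builds it; the three lines dispatch to 1, -1 and -1, and the guarded lookup turns the NULL key into an ordinary "command not recognised" reply rather than a crash. Uncommenting the chtbl_lookup_unguarded call reproduces the fault the workaround prevents.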

[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

- Jose Miguel Esparza <jesparza (at) s21sec (dot) com>
S21Sec

With thanks to:

- David Barroso <dbarroso (at) s21sec (dot) com> S21Sec

[ REFERENCES ]

* WzdFTPD
http://www.wzdftpd.net/

* S21Sec
http://www.s21sec.com






Copyright © SecurityReason.com. All Rights Reserved.