Title: WFTPD 2.4.1RC11 Multiple Vulnerabilities
Severity: MODERATE
Description:
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
Affected Products:
- Texas Imperial Software WFTPD 2.34.0
- Texas Imperial Software WFTPD 2.4.1
- Texas Imperial Software WFTPD 2.4.1 RC11
- Texas Imperial Software WFTPD 2.40.0
References:
- Texas Imperial Software: WFTPD Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
