[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

War FTP Daemon Remote Denial Of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: War FTP Daemon Remote Denial Of Service Vulnerability
From: Jarle Aase <jgaa@xxxxxxxx>
Date: Sat, 12 Sep 2009 19:45:05 +0300

There has been reported an exploit where War FTP Daemon 1.82 RC 12 couldbe crashed from any logged in users, included anonymous users (if theyare allowed to log in). The exploit might also affect previous versionsof the server.

The exploit was reported to me Thu Sep 10 16:46:20 2009 by"corelanc0d3r". Exploit code was posted on the web before a fix was ready.


Please upgrade to the latest version as soon as possible.

War FTP Daemon can be downloaded from:

  http://www.warftp.org/?menu=344

Jarle
--
Jarle Aase                      email: jgaa@xxxxxxxx
Author of Free Software.        http://www.jgaa.com

War FTP Daemon:                 http://www.warftp.org
Other free software:            http://products.jgaa.com

NB: If you reply to this message, please include all relevant
information from the conversation in your reply. Thanks.
<<< no need to argue - just kill'em all! >>>

Prev by Date: [ GLSA 200909-15 ] Lynx: Arbitrary command execution
Next by Date: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
Previous by thread: [ GLSA 200909-15 ] Lynx: Arbitrary command execution
Next by thread: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
Index(es):
- Date
- Thread