Phase:War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.
ReferencesBUGTRAQ:Tuesday, November 07, 2006 WarFTPd 1.82.00-RC11 Remote Denial Of Service | URL:http://www.securityfocus.com/archive/1/archive/1/450804/100/0/threaded | BID:20944 | URL:http://www.securityfocus.com/bid/20944 | FRSIRT:ADV-2006-4398 | URL:http://ww
Votes:Assigned (Tuesday, November 07, 2006)
Comments:None (candidate not yet proposed)
F7: