Phase:WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
ReferencesBUGTRAQ:Thursday, January 27, 2005 WarFTPD 1.82 RC9 DoS | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110687202332039&w=2 | CONFIRM:http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643 | BID:12384 | URL:http://www.securityfocus.com/bid/12384 | XF
Votes:Assigned (Thursday, February 10, 2005)
Comments:None (candidate not yet proposed)
F7: