A vulnerability in WFTPD Pro allows a user issuing a long parameter (around 300 bytes) as a value for almost all commands, to cause a DoS attack against the controlling GUI of the WFTP Pro product. Once the attack has been launched, an administrator can no longer open the GUI and see the current connected users.
SecurITeam would like to thank STORM for finding this vulnerability.
* WFTPD version 3.21 Release 2
* WFTPD version 3.21 Release 1
* WFTPD version 3.21 Release 3
WFTPD Pro 3.21 Release 3 is released on March 16, 2004, to fix a potential denial-of-service attack on the Control Panel applet discovered by STORM <storm[at]securiteam[dot]com>. Also changed in this version - the output to the control panel applet is changed to being sent only when a command executes.
# Multiple Vulnerabilities in WFTPD FTP Server version 3.21.1
# Created by Beyond Security Ltd. - All rights reserved.