Wing FTP server versions prior to 4.1.1 suffer from a denial of service vulnerability.
5218cc363cc8502cf2bb7b724b8e65515218ed7cc7fcb5b6190fbf513f38f13e----------------------------------------------------------------------------------
| WingFTP Server Denial of Service Vulnerability |
-----------------------------------------------------------------------------------
Summary
=======
WingFTP server is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the service to crash,
denying service to legitimate users
CVE number: CVE-2012-4729
Impact: High
Vendor homepage: http://www.wftpserver.com/serverhistory.htm#gotop
Vendor notified: 30/08/2012
Vendor response: Vendor fixed the vulnerability and released the fix.
.
Affected Products
======== ========
Windows Platforms.
Details
=======
It is possible the crash the process by sending two sequential request
to zip file option by authenticated users.
The output of debugger:
(6e4.c4c): C++ EH exception - code e06d7363 (first chance) ( After
first request )
eax=026a6b80 ebx=00000001 ecx=00000004 edx=00000000 esi=00000001 edi=00000000
eip=7c90e514 esp=014ce1cc ebp=014ce1dc iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
Impact
======
Process crashed and the all services down.
Solution
========
Issue was fixed on Version 4.1.1
http://www.wftpserver.com/serverhistory.htm#gotop
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed