Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

WFTPD unpatched exploit and potential DDoS against anti-spyware forums

Published: 2004-02-29
Last Updated: 2004-03-01 02:06:55 UTC
by Lorna Hutcheson (Version: 1)
0 comment(s)

K-OTik Security submitted information in regards to an WFTPD Server / WFTPD Pro Server exploit. This is an overflow that can allow a logged in user to run arbitrary code as a SYSTEM or the user that started WFTPD (depending on the version) More information:

There's already an exploit for this, and the developer hasn't released a patch for the tested versions (3.21 & 3.10, both regular and Pro versions)


Someone pointed out that at least one of the anti-Spyware forums have been having problems with DoS attacks. More information can be found at:

See the Feb 16th entry.

Handler on Duty (substituting for Lorna Hutcheson)
Davis Ray Sickmon Jr, Midnight Ryder Technologies ( )
0 comment(s)
Diary Archives