Description
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
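The defensive counterpart to the behaviour described above is a command reader with fixed storage that rejects a line as soon as it exceeds a cap without a newline. This sketch is an added example, not code from the vendor or the advisory; `MAX_CMD_LEN`, `cmd_buf`, `cmd_reset` and `cmd_feed` are hypothetical names, and the 512-byte cap is an assumed value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LEN 512  /* assumed cap; not a value from the advisory */

enum feed_result { CMD_INCOMPLETE, CMD_READY, CMD_TOO_LONG };

struct cmd_buf {
    char   data[MAX_CMD_LEN + 1]; /* fixed storage: never grows with input */
    size_t len;
};

static void cmd_reset(struct cmd_buf *b) { b->len = 0; b->data[0] = '\0'; }

/* Consume one received chunk. Stops at the first 0x0A and reports in *used
 * how many bytes were taken, so the caller can feed the remainder after
 * handling the command. Returns CMD_TOO_LONG once the cap is reached with
 * no newline; the caller should send an error reply and close the session. */
static enum feed_result cmd_feed(struct cmd_buf *b, const char *in,
                                 size_t n, size_t *used)
{
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\n') {
            if (b->len > 0 && b->data[b->len - 1] == '\r')
                b->len--;                 /* drop the CR of a CRLF pair */
            b->data[b->len] = '\0';
            *used = i + 1;
            return CMD_READY;
        }
        if (b->len == MAX_CMD_LEN) {      /* cap hit, still no newline */
            *used = i;
            return CMD_TOO_LONG;
        }
        b->data[b->len++] = in[i];
    }
    *used = n;
    return CMD_INCOMPLETE;                /* wait for the next chunk */
}

int main(void)
{
    /* Constructed input: one command split across two chunks. */
    struct cmd_buf b; size_t used;
    cmd_reset(&b);
    cmd_feed(&b, "USER an", 7, &used);
    if (cmd_feed(&b, "on\r\n", 4, &used) == CMD_READY)
        printf("command: %s\n", b.data);
    return 0;
}
```

After `CMD_READY` the caller processes `b.data` and calls `cmd_reset` before feeding the remaining bytes.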
Product(s):
- Texas Imperial Software WFTPD 3.0
- Texas Imperial Software WFTPD 3.0 Pro
- Texas Imperial Software WFTPD 3.0_0r3
- Texas Imperial Software WFTPD 3.0_0r4
- Texas Imperial Software WFTPD 3.0_0r4 Pro
- Texas Imperial Software WFTPD 3.0_0r5
- Texas Imperial Software WFTPD 3.0_0r5 Pro
- Texas Imperial Software WFTPD 3.10 R1
- Texas Imperial Software WFTPD 3.20
- Texas Imperial Software WFTPD 3.21
- Texas Imperial Software WFTPD Pro 3.10 R1
- Texas Imperial Software WFTPD Pro 3.20
- Texas Imperial Software WFTPD Pro 3.21
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0341, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0341 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.