War-FTPd 1.6x CWD/MKD DoS Vulnerability

Solution:
Version 1.67-4 has been patched against this vulnerability, and is available at:
http://war.jgaa.com/alert/files/ward167-4.zip
Also, upgrading to version 1.71 will fix this problem. 1.71 is available at:
http://war.jgaa.com/alert/files/ward171-0.zip

These versions have a sanity check that prevents arguments longer than the length specified in the MAX_PATH variable from being accepted.



 

Privacy Statement
Copyright 2010, SecurityFocus