• info
• discussion
• exploit
• solution
• references

WFTPD Path/File Mapping Buffer Overflow Vulnerability

No exploit is required to crash the service due to this
vulnerability.

Users must simply enter a 'current working directory' that exceeds approximately 250 characters (ie, using '......................../') and then request a LIST. The overflow occurs when the length condition is met and the FTP service will crash until manually restarted.

No known exploit code exists that will force execution of shellcode on the server.