Summary
WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function.
An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed.
WarFTPd 1.82.00-RC11 is reported vulnerable; prior versions may be vulnerable as well.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
- CVE: CVE-2006-5789
- CVSS Base Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Related Vulnerabilities
- TurboFTP 'DELE' FTP Command Remote Buffer Overflow Vulnerability
- XM Easy Personal FTP Server 'TYPE' Command Remote Denial of Service Vulnerability
- Wing FTP Server Denial of Service Vulnerability and Information Disclosure Vulnerability
- Ipswitch WS_FTP Professional 'HTTP' Response Format String Vulnerability
- WS FTP CWD DoS