WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
war ftp daemon war ftp daemon 1.8 |
||
war ftp daemon war ftp daemon 1.82_rc9 |