WinFtp Server Data Handling Denial of Service Vulnerability Date: Wednesday, December 20, 2006 @ 16:00:04 CST Topic: Security SECUNIA ADVISORY ID: SA23412 VERIFY ADVISORY: http://secunia.com/advisories/23412/ CRITICAL: Moderately critical IMPACT: DoS SOFTWARE: WinFtp Server 2.x - http://secunia.com/product/12923/ DESCRIPTION: shinnai has discovered a vulnerability in WinFtp Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error when processing data received from the client. This can be exploited to crash the service by sending an overly long string (greater than 500 bytes) to the service. The vulnerability is confirmed in version 2.0.2. Other versions may also be affected. SOLUTION: Restrict access to the FTP service. PROVIDED AND/OR DISCOVERED BY: shinnai This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2577