Details of VAR-200701-0599

ID

VAR-200701-0599

TITLE

WzdFTPD Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2007-0484

DESCRIPTION

WzdFTPD is an ftp server that runs on the linux/win32/freebsd/openbsd platform. WzdFTPD has a vulnerability in handling malformed user requests, and remote attackers can cause WzdFTPD to refuse service by sending a specially crafted FTP command. The 'wzdftpd' program is prone to multiple remote denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users. These issues reportedly affect versions prior to 0.8.1

Trust: 0.81

sources: CNVD: CNVD-2007-0484 // BID: 22152

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2007-0484

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.8	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.7.3	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.7.2	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.7.1	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.7	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.6	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.5.4	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.5.2	Trust: 0.3
vendor:	wzdftpd	model:	rc5	scope:	eq	version:	0.1	Trust: 0.3
vendor:	wzdftpd	model:	rc4	scope:	eq	version:	0.1	Trust: 0.3
vendor:	wzdftpd	model:	cvs-20030613	scope:	eq	version:	0.1	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	eq	version:	0.1	Trust: 0.3
vendor:	wzdftpd	model:	wzdftpd	scope:	ne	version:	0.8.1	Trust: 0.3

sources: CNVD: CNVD-2007-0484 // BID: 22152

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2007-0484
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2007-0484
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2007-0484

THREAT TYPE

network

Trust: 0.3

sources: BID: 22152

TYPE

Unknown

Trust: 0.3

sources: BID: 22152

EXTERNAL IDS

db:	BID	id:	22152	Trust: 0.9
db:	CNVD	id:	CNVD-2007-0484	Trust: 0.6

sources: CNVD: CNVD-2007-0484 // BID: 22152

REFERENCES

url:	http://www.s21sec.com/avisos/s21sec-033-en.txt	Trust: 0.3
url:	http://www.wzdftpd.net/	Trust: 0.3

sources: BID: 22152

CREDITS

Jose Miguel Esparza is credited with the discovery of these vulnerabilities.

Trust: 0.3

sources: BID: 22152

SOURCES

db:	CNVD	id:	CNVD-2007-0484
db:	BID	id:	22152

LAST UPDATE DATE

2022-05-17T01:58:14.483000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2007-0484	date:	2014-01-24T00:00:00
db:	BID	id:	22152	date:	2007-01-25T16:24:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2007-0484	date:	2007-01-19T00:00:00
db:	BID	id:	22152	date:	2007-01-19T00:00:00