CVE-2007-5300

Name of the Vulnerable Software and Affected Versions wzdftpd versions 0.8.0 through 0.8.2

Description The issue is related to multiple vulnerabilities in the wzdftpd package of the Debian GNU/Linux operating system, which can lead to a disruption of protected information. These vulnerabilities can be exploited remotely. Specifically, an off-by-one error in the do login loop function in libwzd-core/wzd login.c allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow.

Recommendations For versions 0.8.0 through 0.8.2, consider disabling the do login loop function as a temporary workaround until a patch is available. Restrict access to the wzdftpd service to minimize the risk of exploitation. Avoid using long USER commands in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.