CVE-2004-0340

Name of the Vulnerable Software and Affected Versions WFTPD Pro Server versions 3.21 Release 1 through 3.21 Release 1 WFTPD Pro Server version 3.20 Release 2 WFTPD Server versions 3.21 Release 1 through 3.21 Release 1 WFTPD Server version 3.10

Description A stack-based buffer overflow issue allows local users to execute arbitrary code via long commands, including LIST, NLST, or STAT commands.

Recommendations For WFTPD Pro Server version 3.21 Release 1, consider disabling the execution of long LIST, NLST, or STAT commands until a patch is available. For WFTPD Pro Server version 3.20 Release 2, restrict access to the LIST, NLST, and STAT commands to minimize the risk of exploitation. For WFTPD Server version 3.21 Release 1, avoid using long commands in the affected server until the issue is resolved. For WFTPD Server version 3.10, consider applying configuration changes to limit the length of incoming commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.