CVE-2004-0342

Name of the Vulnerable Software and Affected Versions WFTPD Pro Server version 3.21 Release 1

Description The issue allows local users to cause a denial of service, resulting in a crash, by utilizing specific commands. This can be achieved via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used. The crash possibly occurs due to an off-by-one error, which overwrites a cookie with a null character. This issue is specific to configurations where the XeroxDocutech option is enabled.

Recommendations For WFTPD Pro Server version 3.21 Release 1, consider disabling the XeroxDocutech option as a temporary workaround to minimize the risk of exploitation. Restrict access to the MKD and XMKD commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.