Intrusion Prevention

WFTPD.Pro.MLST.Buffer.Overflow

Description

It indicates an attacker attempted a Denial of Service attack against WTFTP Pro FTP server. WFTPD Pro is vulnerable to a denial of service attack, caused by a a programming error when handling MLST (MultiLocus Sequence Typing) commands. An authenticated attacker could issue a long MLST command to the FTP server to cause the server to crash.

Affected Products

Texas Imperial Software WFTPD Pro 3.21, R3, R2, and R1.

Impact

Denial of Service

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2004-1642