WFTPD unpatched exploit and potential DDoS against anti-spyware forums
K-OTik Security submitted information in regards to an WFTPD Server / WFTPD Pro Server exploit. This is an overflow that can allow a logged in user to run arbitrary code as a SYSTEM or the user that started WFTPD (depending on the version) More information:
http://lists.netsys.com/pipermail/full-disclosure/2004-February/018031.html
There's already an exploit for this, and the developer hasn't released a patch for the tested versions (3.21 & 3.10, both regular and Pro versions)
-----
Someone pointed out that at least one of the anti-Spyware forums have been having problems with DoS attacks. More information can be found at:
http://www.netrn.net/spywareblog/
See the Feb 16th entry.
Handler on Duty (substituting for Lorna Hutcheson)
Davis Ray Sickmon Jr, Midnight Ryder Technologies ( http://www.midnightryder.com )
Keywords:
0 comment(s)
×
Diary Archives
Comments