CVE 1999-0950
CAN 2001-0296
By exploiting a buffer overflow condition in the processing of
the CWD command, it is possible for a remote user to execute
arbitrary commands on the server running WFTPD.
Unless the anonymous account is enabled, an attacker would
need to know a valid user name and password in order to
exploit the vulnerability.
WFTPD Pro 3.00 prior to release 4 is affected by this vulnerability.
6/1/01
A buffer overflow in the processing of path names could allow an
attacker to crash the service or execute arbitrary code by listing
a directory which, together with a file name in the directory,
contains a very large path name. Unless the anonymous account
is enabled, an attacker would need to know a valid user name and
password in order to exploit the vulnerability.
WFTPD Pro 3.00 R5 and earlier are affected by this vulnerability.
CAN 2001-0695
By continually issuing a command to access the floppy disk
drive (cd a:\), an attacker can
cause a denial of service. WFTPD 3.00 R5 and earlier are
affected by this vulnerability.
The long path name vulnerability was reported in Vuln-Dev.
The denial-of-service vulnerability was posted to Bugtraq.