zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
The zFTP server is found to be vulnerable to denial of service in handling STAT and CWD commands with overly large buffer requests.
The zFTP server is a Windows based FTP server with focus on clever Active Directory integration and powerful, effortless administration.
3. VERSIONS AFFECTED
2011-04-13 and earlier
The vendor has released the patched version (http://download.zftpserver.com/zFTPServer_Suite_Setup.exe)
This vulnerability was discovered by Myo Soe, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
8. DISCLOSURE TIME-LINE
2011-06-19: notified vendor through email
2011-10-17: vendor released fixed version, 2011-10-17
2011-10-25: vulnerability disclosed
Original Advisory URL: http://core.yehg.net/lab/pr0js/advisories/[zftpserver_2011-04-13]_stat,cwd_dos
zFTP Server Home Page: http://zftpserver.com