icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

WarFTPd Multiple Command CPU Consumption DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote WarFTPd server is running a 1.71 version. It is possible for a remote user to cause a denial of service on a host running Serv-U FTP Server, G6 FTP Server or WarFTPd Server. Repeatedly submitting an 'a:/' GET or RETR request, appended with arbitrary data, will cause the CPU usage to spike to 100%.

Solution

Upgrade to the latest version of WarFTPd.