Debian Security Advisory DSA 1452-1 (wzdftpd) Network Vulnerability

Summary

The remote host is missing an update to wzdftpd announced via advisory DSA 1452-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201452-1

Insight

k1tk4t discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit. For the stable distribution (etch), this problem has been fixed in version 0.8.1-2etch1. For the old stable distribution (sarge), this problem has been fixed in version 0.5.2-1.1sarge3. For the unstable distribution (sid), this problem has been fixed in version 0.8.2-2.1. We recommend that you upgrade your wzdftpd package.

Severity

Classification

CVE CVE-2007-5300
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1119-1 (hiki)
Debian Security Advisory DSA 1139-1 (ruby1.6)
Debian Security Advisory DSA 1111-1 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 109-1 (faqomatic)

Take action and discover your vulnerabilities