zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
The zFTP server is found to be vulnerable to denial of service in
handling multiple STAT and CWD command requests.
The zFTP server is a Windows based FTP server with focus on clever
Active Directory integration and powerful, effortless administration.
2011-04-13 and earlier
http://www.exploit-db.com/exploits/18028/
The vendor has released the patched version
(http://download.zftpserver.com/zFTPServer_Suite_Setup.exe)
Vastgota-Data
This vulnerability was discovered by Myo Soe, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
2011-06-19: notified vendor through email
2011-10-17: vendor released fixed version, 2011-10-17
2011-10-25: vulnerability disclosed
Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/%5Bzftpserver_2011-04-13%5D_stat,cwd_dos
zFTP Server Home Page: http://zftpserver.com
#yehg [2011-10-25]