Launchpad.net

CVE 2007-5300

Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2007-5300 (Candidate) is related to these bugs:

Bug #151946: CVE-2007-5300 remote denial of service

		In	Importance	Status
151946	CVE-2007-5300 remote denial of service	wzdftpd (Ubuntu)	Medium	Fix Released
151946	CVE-2007-5300 remote denial of service	wzdftpd (Debian)	Unknown	Fix Released
151946	CVE-2007-5300 remote denial of service	wzdftpd (Ubuntu Gutsy)	Medium	Fix Released
151946	CVE-2007-5300 remote denial of service	wzdftpd (Ubuntu Dapper)	Undecided	Fix Released
151946	CVE-2007-5300 remote denial of service	wzdftpd (Ubuntu Edgy)	Undecided	Fix Released
151946	CVE-2007-5300 remote denial of service	wzdftpd (Ubuntu Feisty)	Undecided	Fix Released

Bug #154769: wzdftpd

Summary				In	Importance	Status
	154769	wzdftpd		wzdftpd (Ubuntu)	Medium	Fix Released

Bug #180978: [wzdftpd] [CVE-2007-5300] DoS vulnerability

Summary				In	Importance	Status
	180978	[wzdftpd] [CVE-2007-5300] DoS vulnerability		wzdftpd (Ubuntu)	Medium	Fix Released
	180978	[wzdftpd] [CVE-2007-5300] DoS vulnerability		wzdftpd (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 27091
BID: 25967
DEBIAN: DSA-1452
SECUNIA: 28342
VUPEN: ADV-2007-3389
XF: wzdftpd-dologinloop-bo...
XF: wzdftpd-user-dos(37010)
EXPLOIT-DB: 4498