CVE-2004-0342 Information

Description

WFTPD Pro Server 3.21 Release 1 with the XeroxDocutech option enabled allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used which overwrites a cookie with a null character possibly due to an off-by-one error.

Reference

http://marc.info/?l=bugtraq&m=107801142924976&w=2 http://secunia.com/advisories/11001 http://www.osvdb.org/4116 http://www.securityfocus.com/bid/9767 https://exchange.xforce.ibmcloud.com/vulnerabilities/15342