RaidenFTPD security bulletin : RSB-002

RaidenFTPD D.O.S. attack
discovered on : 2001-10-12
victims : All RaidenFTPD versions prior to v2.2 build 221
solution : Upgrade to RaidenFTPD v2.2 build 221

Who should read this bulletin: Customers using RaidenFTPD v2.2 build 1~209

Impact of vulnerability: Causes RaidenFTPD to shut down immediately

Recommendation: Customers using RaidenFTPD v2.2 build 1~209 should upgrade to v2.2 build 221 immediately

Affected Software:

RaidenFTPD v2.1 all versions
RaidenFTPD v2.2 build 1~209

Patch availability
Download locations for this patch

full install http://www.raidenmaild.com/download/raidenftpd2.exe

update only download

Technical details

When an FTP client uses FlashFXP 1.4 to connect to your RaidenFTPD server, it can send a target directory string from the field at the top of the main window (see pic.01). If the string starts with a "/" and is followed by any directory string longer than 255 characters, then on pressing Enter the connection to the FTP server is lost and the RaidenFTPD server closes immediately.

Note: using the raw command "CWD /XXX" will not cause RaidenFTPD to shut down.
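
The following is an added example, not RaidenFTPD code: a server-side length check on the argument of a control-channel command, using the 255-character figure above as the limit. The bulletin does not name the command FlashFXP sends or the root cause, so the check is applied to every command's argument; parse_ftp_line, the cmd_status names and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH_ARG 255 /* limit taken from the bulletin's 255-character figure */
#define MAX_VERB 4       /* RFC 959 command verbs are three or four letters */

/* FTP reply codes returned on rejection (RFC 959: 500 and 501 are syntax errors). */
enum cmd_status { CMD_OK = 0, CMD_BAD_SYNTAX = 500, CMD_BAD_ARG = 501 };

/* Hypothetical helper: split one control-channel line into verb and argument.
 * Every length is checked before any byte is copied, so an over-long
 * directory string is refused with 501 instead of reaching path handling. */
enum cmd_status parse_ftp_line(const char *line, size_t len,
                               char verb[MAX_VERB + 1],
                               char arg[MAX_PATH_ARG + 1])
{
    const char *sp;
    size_t vlen, alen;

    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* strip the CRLF terminator */
    if (memchr(line, '\0', len) != NULL)
        return CMD_BAD_SYNTAX;                  /* embedded NUL would hide the tail */

    sp = memchr(line, ' ', len);
    vlen = sp ? (size_t)(sp - line) : len;
    if (vlen == 0 || vlen > MAX_VERB)
        return CMD_BAD_SYNTAX;
    alen = sp ? len - vlen - 1 : 0;
    if (alen > MAX_PATH_ARG)
        return CMD_BAD_ARG;                     /* too long: reject, do not truncate */

    memcpy(verb, line, vlen);
    verb[vlen] = '\0';
    if (alen > 0)
        memcpy(arg, sp + 1, alen);
    arg[alen] = '\0';
    return CMD_OK;
}

int main(void)
{
    char verb[MAX_VERB + 1], arg[MAX_PATH_ARG + 1], line[300];

    memcpy(line, "CWD /", 5);                   /* constructed sample input */
    memset(line + 5, 'A', 290);
    printf("short: %d\n", parse_ftp_line("CWD /pub\r\n", 10, verb, arg));
    printf("long:  %d\n", parse_ftp_line(line, 295, verb, arg));
    return 0;
}
```

Rejecting the over-long argument outright, rather than truncating it, keeps the server from acting on a path the client never sent.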

pic.01

Disclaimer
The information provided in the RaidenFTPD security bulletin is provided "as is" without warranty of any kind. RaidenFTPD team disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall RaidenFTPD team be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RaidenFTPD team have been advised of the possibility of such damages.

Copyright © RaidenFTPD TEAM , ALL RIGHTS RESERVED

REVISION 2.2 , 2001/10/15