CVE-2009-5141

Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Warftpd	Jgaa	1.8.2-rc12 (including)	1.8.2-rc12 (including)

Potential Mitigations

References

http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html
http://www.exploit-db.com/exploits/9622
http://www.osvdb.org/62599
http://www.warftp.org/index.php?menu=338\u0026cmd=show_article\u0026article_id=1003
https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/
http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html
http://www.exploit-db.com/exploits/9622
http://www.osvdb.org/62599
http://www.warftp.org/index.php?menu=338\u0026cmd=show_article\u0026article_id=1003
https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-5141
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References