PublicDate: 2007-10-09 18:17:00 UTC
Candidate: CVE-2007-5300
References: 
 https://launchpad.net/bugs/151946
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300
Description:
 Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c
 in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote
 attackers to cause a denial of service (daemon crash) via a long USER
 command that triggers a stack-based buffer overflow.  NOTE: some of these
 details are obtained from third party information.
Ubuntu-Description: 
Notes: 
 jdstrand> appears a patch for Gutsy was commited on 2007/10/12
Bugs: 
 https://bugs.launchpad.net/bugs/180978
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 
Patches_wzdftpd:
 vendor: http://www.debian.org/security/2008/dsa-1452
upstream_wzdftpd: needs-triage
dapper_wzdftpd: released (0.6.1-1ubuntu1.1)
edgy_wzdftpd: released (0.7.2-4ubuntu0.1)
feisty_wzdftpd: released (0.8.1-2ubuntu0.1)
gutsy_wzdftpd: released (0.8.2-2ubuntu2)
devel_wzdftpd: released (0.8.2-2ubuntu2)