Late last week, security researchers at jura.ba reported a Denial of Service vulnerability in War FTP Daemon 1.82.

The problem was rooted in the way log messages was relayed from the internal log handler to the Windows Event log when the sever was running as a Windows service. Theoretically, it could be possible to execute remote code using this vulnerability.

I am rating the vulnerability as critical.

I have updated the download page with the latest binaries. Please upgrade as soon as possible.

The newest version has one new feayure. If it crash, it will create a dumpfile in Microsofts "minidump" format. The file will be located in the %TEMP% directory for the server process.