In response to Luck Martins' report of a buffer overflow in WFTPD 2.40 and 2.34, we can confirm that this error does exist. Our initial tests suggest that it is more of a 'denial-of-service' nature, rather than an exploit allowing an attacker to load their own code into memory - the access that generates the fault is overwriting a single null byte into heap space, rather than stack space.

We've been working on this problem over the weekend, coinciding as it has with our intent to release a new version, 2.41, early this week. We are completing regression testing and beta testing and will be releasing the new version later today.

Alun Jones
President, Texas Imperial Software.
