Code Ocean Ocean FTP Server Remote Denial of Service Vulnerability

Bugtraq ID:	12859
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0847
Remote:	Yes
Local:	No
Published:	Mar 21 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery is credited to GSS IT <[email protected]>.
Vulnerable:	Code Ocean Ocean FTP Server 1.0
Not Vulnerable:	Code Ocean Ocean FTP Server 1.0 1

Code Ocean Ocean FTP Server Remote Denial of Service Vulnerability

Ocean FTP Server is reported prone to a remote denial of service vulnerability.

It is reported that an attacker may cause the server to crash by establishing an excessive number of simultaneous connections. This may result in a crash or hang due to resource exhaustion.

Ocean FTP Server 1.0 is reported vulnerable. It is possible that other versions are affected as well.

Code Ocean Ocean FTP Server Remote Denial of Service Vulnerability

An exploit is not required to leverage this issue.

The following proof of concept is available:

• /data/vulnerabilities/exploits/ocean_poc.pl

Code Ocean Ocean FTP Server Remote Denial of Service Vulnerability

Solution:
The vendor has released Ocean FTP Server 1.01 to address this issue.


Code Ocean Ocean FTP Server 1.0

• Code Ocean Ocean FTP Server 1.01
  http://download.codeocean.com/ofs.exe

Code Ocean Ocean FTP Server Remote Denial of Service Vulnerability

References:

• Ocean FTP Server Product Page (Code Ocean)