Telnet-FTP Server Remote Denial of Service Vulnerability

Bugtraq ID:	21340
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-6241
Remote:	Yes
Local:	No
Published:	Nov 29 2006 12:00AM
Updated:	Mar 23 2009 10:46PM
Credit:	Parvez Anwar is credited with the discovery of this vulnerability.
Vulnerable:	Telnet FTP Server Telnet FTP Server 1.0
Not Vulnerable:

Telnet-FTP Server Remote Denial of Service Vulnerability

Telnet-Ftp Server is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Exploiting this issue allows remote attackers to crash affected servers, denying service to legitimate users.

Telnet-Ftp Server 1.0 build 1.250 is confirmed vulnerable; other versions may be affected as well.

Telnet-FTP Server Remote Denial of Service Vulnerability

Attackers may use readily available network utilities to exploit this issue.

The following exploit code is available:

• /data/vulnerabilities/exploits/Telnet-Ftp-Salwan.c

Telnet-FTP Server Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Telnet-FTP Server Remote Denial of Service Vulnerability

References:

• Telnet-FTP Server Homepage (Slimbyte)