SmallFTPD Remote Denial Of Service Vulnerability
BID:9684
Info
| Bugtraq ID: | 9684 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2004-0299 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Disclosure of this issue has been credited to "intuit e.b." <[email protected]>. |
| Vulnerable: | smallftpd smallftpd 1.0.3 |
| Not Vulnerable: | |
Discussion
It has been reported that SmallFTPD is prone to a remote denial of service vulnerability. This issue is due to the application failing to properly validate user input.
Successful exploitation of this issue may cause the affected server to crash, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution; however, this has yet to be verified.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
ftp://www.example.com/user:[email protected]/[464 and more "/" symbols]/../../../
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
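With no vendor patch available, a proxy filter or log monitor in front of the server can flag the request shape shown in the proof of concept: a very long run of "/" characters followed by "../" segments. The following is an added example, not part of the original advisory or of SmallFTPD; the thresholds, function names, and the assumption that the path arrives as the argument of an FTP command are illustrative.

```python
import re

# Assumed thresholds (not from the advisory); tune to the deepest legitimate path.
MAX_SEP_RUN = 16    # consecutive path separators tolerated in one argument
MAX_ARG_LEN = 260   # overall argument length tolerated

# FTP commands that carry a pathname argument (RFC 959 and RFC 3659).
PATH_COMMANDS = {"CWD", "RETR", "STOR", "APPE", "LIST", "NLST", "DELE",
                 "MKD", "RMD", "RNFR", "RNTO", "STAT", "SIZE", "MDTM"}

# Backslash is counted as a separator too, as an assumption for Windows hosts.
_SEP_RUN = re.compile(r"[/\\]+")

def inspect_command(line):
    """Return the reasons an FTP command line matches the BID 9684 request shape."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() not in PATH_COMMANDS or not arg:
        return []
    reasons = []
    longest = max((len(m.group()) for m in _SEP_RUN.finditer(arg)), default=0)
    if longest > MAX_SEP_RUN:
        reasons.append(f"separator run of {longest}")
    if len(arg) > MAX_ARG_LEN:
        reasons.append(f"argument length {len(arg)}")
    # "CWD .." on its own is normal; report '..' only alongside another finding.
    if reasons and ".." in _SEP_RUN.split(arg):
        reasons.append("contains '..' segments")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged command line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := inspect_command(line))]

# Constructed sample of client commands; the last mirrors the advisory's PoC path.
SAMPLE = [
    "USER anonymous",
    "CWD /pub/docs",
    "CWD ..",
    "RETR /pub//readme.txt",
    "CWD " + "/" * 470 + "/../../../",
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(f"line {n}: {', '.join(reasons)}")
```

Rejecting or dropping flagged commands before they reach the server avoids the crash condition without depending on a fix to SmallFTPD itself.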
References
References:
- Smallftpd Homepage (Smallftpd)
- Smallftpd 1.0.3 DoS ("intuit e.b.")