OFTPD Port Argument Denial Of Service Vulnerability
BID:9980
Info
| Bugtraq ID: | 9980 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2004-0376 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to Philippe Oechslin. |
| Vulnerable: | oftpd oftpd 0.3.6, oftpd oftpd 0.3.5, oftpd oftpd 0.3.4, oftpd oftpd 0.3.3, oftpd oftpd 0.3.2, oftpd oftpd 0.3.1, oftpd oftpd 0.3.0 |
| Not Vulnerable: | oftpd oftpd 0.3.7 |
Discussion
oftpd is prone to a denial of service vulnerability that may be exploited by remote, unauthenticated attackers. This issue is exposed when the server receives an FTP PORT command with a value greater than 255 as an argument.
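The Discussion above names the trigger as a PORT argument containing a value greater than 255. As an added example (not oftpd's code and not the 0.3.7 fix), here is a strict parser for the RFC 959 PORT argument h1,h2,h3,h4,p1,p2 that rejects such input up front; the names parse_octet and parse_port_arg are hypothetical, and the caller is assumed to have stripped the trailing CRLF.

```c
/* Added example, not oftpd's code: strict RFC 959 PORT argument parser. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Parse one decimal field of 1-3 digits in the range 0..255.
 * Advances *s past the digits. Returns the value, or -1 on error. */
static int parse_octet(const char **s)
{
    int value = 0, digits = 0;

    while (isdigit((unsigned char)**s)) {
        if (++digits > 3)
            return -1;               /* caps the value, so no overflow */
        value = value * 10 + (**s - '0');
        (*s)++;
    }
    return (digits == 0 || value > 255) ? -1 : value;
}

/* Returns 0 and fills host/port on success, -1 if the argument is
 * malformed. The caller rejects the command (e.g. a 501 reply) on -1. */
int parse_port_arg(const char *arg, unsigned char host[4], unsigned *port)
{
    int field[6];
    size_t i;

    if (arg == NULL)
        return -1;
    for (i = 0; i < 6; i++) {
        if ((field[i] = parse_octet(&arg)) < 0)
            return -1;
        /* A comma follows fields 1-5; the string must end after field 6. */
        if (*arg++ != (i < 5 ? ',' : '\0'))
            return -1;
    }
    for (i = 0; i < 4; i++)
        host[i] = (unsigned char)field[i];
    *port = ((unsigned)field[4] << 8) | (unsigned)field[5];
    return 0;
}

int main(void)
{
    unsigned char h[4];
    unsigned p;
    /* Constructed inputs: a valid argument, then a field above 255. */
    printf("%d %d\n", parse_port_arg("192,0,2,10,4,1", h, &p),
           parse_port_arg("192,0,2,10,256,1", h, &p));
}
```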
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
This issue has been addressed in oftpd 0.3.7.
Gentoo Linux has released advisory GLSA 200403-08 dealing with this issue. Please see the referenced advisory for more information.
Debian Linux has released advisory DSA 473-1 dealing with this issue.
oftpd oftpd 0.3.0
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.1
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.2
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.3
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.4
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.5
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
oftpd oftpd 0.3.6
- Debian oftpd_0.3.6-6_alpha.deb
  Alpha architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_alpha.deb
- Debian oftpd_0.3.6-6_arm.deb
  ARM architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_arm.deb
- Debian oftpd_0.3.6-6_hppa.deb
  HP Precision architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_hppa.deb
- Debian oftpd_0.3.6-6_i386.deb
  IA-32 architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_i386.deb
- Debian oftpd_0.3.6-6_ia64.deb
  IA-64 architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_ia64.deb
- Debian oftpd_0.3.6-6_mips.deb
  Big Endian MIPS architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mips.deb
- Debian oftpd_0.3.6-6_mipsel.deb
  Little Endian MIPS architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mipsel.deb
- Debian oftpd_0.3.6-6_powerpc.deb
  PowerPC architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_powerpc.deb
- Debian oftpd_0.3.6-6_s390.deb
  IBM S/390 architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_s390.deb
- Debian oftpd_0.3.6-6_sparc.deb
  Sun Sparc architecture:
  http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_sparc.deb
- oftpd oftpd-0.3.7.tar.gz
  http://www.time-travellers.org/oftpd/oftpd-0.3.7.tar.gz
References
References:
- oftpd DoS Vulnerability (oftpd)
- oftpd Homepage (oftpd)