Date: Thu, 04 Mar 2004 22:48:49 +0100
From: Philippe Oechslin <firstname.lastname@example.org>
Subject: DoS vulnerability in oftpd
We have found a simple denial of service vulnerability in your oftpd FTP
server (v 0.3.6).
When the server receives a PORT command with a number higher than 255, the
server crashes and has to be restarted manually. The PORT command can even be
given before the user has supplied a username and a password.
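The server-side fix is to validate every field of the PORT argument before using it. The parser below is an added example written for this note, not oftpd's own code; the function names parse_port_command and port_command_port are my own, and the format assumed is the RFC 959 one, h1,h2,h3,h4,p1,p2, with each field in 0..255.

```c
/* Added example (not oftpd's own code): a bounds-checked parser for the
   argument of the FTP PORT command, "h1,h2,h3,h4,p1,p2" (RFC 959). Every
   field must be a decimal number in 0..255; anything else, including the
   "300" from the advisory, is rejected with -1 instead of crashing. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

struct port_arg {
    unsigned char host[4];  /* h1..h4: the client's IPv4 address */
    uint16_t port;          /* p1 * 256 + p2 */
};

/* Returns 0 and fills *out on success, -1 on malformed or out-of-range input. */
int parse_port_command(const char *arg, struct port_arg *out)
{
    unsigned long fields[6];
    const char *p = arg;
    char *end;

    if (arg == NULL || out == NULL)
        return -1;
    for (int i = 0; i < 6; i++) {
        /* strtoul() silently accepts leading spaces and '-', so insist on a digit. */
        if (!isdigit((unsigned char)*p))
            return -1;
        errno = 0;
        fields[i] = strtoul(p, &end, 10);
        if (errno != 0 || fields[i] > 255)
            return -1;          /* out of octet range, e.g. 300 */
        p = end;
        if (i < 5 && *p++ != ',')
            return -1;          /* fewer than six fields or wrong separator */
    }
    if (*p != '\0')
        return -1;              /* trailing garbage */
    for (int i = 0; i < 4; i++)
        out->host[i] = (unsigned char)fields[i];
    out->port = (uint16_t)(fields[4] * 256 + fields[5]);
    return 0;
}

/* Convenience wrapper: the data port on success, -1 if the argument is invalid. */
long port_command_port(const char *arg)
{
    struct port_arg a;
    return parse_port_command(arg, &a) == 0 ? (long)a.port : -1;
}
```

A rejected argument should be answered with a 501 reply and the control connection left open, so a malformed command costs the attacker nothing but a refused request.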
Denial of service. An FTP server can be taken offline with a simple telnet
session: telnet to ftp.server.com on port 21, type "port 300" and press return. The
- oftpd server 0.3.6 on Suse Linux 8.2
Discovered by: Andreas Rueegg and Philippe Oechslin of the Security Bug
Catcher project (http://lasecwww.epfl.ch/philippe.shtml). The security bug
catcher is a tool to automatically find vulnerabilities. We are currently
running tests on scores of FTP servers and notifying vendors when we find