I received the following e-mail.  I was travelling at the time, but put together a patch on the flight home.  It took me a couple of weeks to release it, partially due to travel and partially due to laziness.

Shane Kerr

Date: Thu, 04 Mar 2004 22:48:49 +0100
From: Philippe Oechslin <philippe.oechslin@epfl.ch>
Subject: DoS vulnerability in oftpd
To: shane@time-travellers.org

Hello Shane,

We have found a simple denial of service vulnerability in your oftpd FTP
server (v 0.3.6).


When the server receives a port command with a number that is higher than
255 the server crashes and has to be restarted manually. The port command
can even be given before the user has given a username and a password.


Denial of service. An ftp server can be taken offline with a simple telnet


telnet to ftp.server.com on port 21 and type "port 300" and return. The
server crashes.

Tested on:

- oftpd server 0.3.6 on Suse Linux 8.2

Discovered by: Andreas Rueegg and Philippe Oechslin of the Security Bug
Catcher project (http://lasecwww.epfl.ch/philippe.shtml). The security bug
catcher is a tool to automatically find vulnerabilities. We are currently
running tests on scores of FTP servers and notifying vendors when we find