Nite FTPd Server DoS
Reported May 19 by Wyzewun
Nite FTPd Server
This Nite FTPd server is coded in Visual Basic and is vulnerable to several denial
of service conditions.
When the daemon is sent 40 or more "USER"
commands the system runs out of memory and crashes.
When a password command (PASS) is not terminated and the service is continually sent
characters, the system will allocate memory for those characters until it runs out of
By sending the service a "PORT" command followed
by an immediate client disconnect FTP service will stop accepting connections.
By sending a long parameter with RNTO command, the server will stop accepting connections.
The vendor is aware of this matter, however no response was known at
the time of this writing.
Discovered and reported by Wyzewun