Nite FTPd Server DoS

 
Reported May 19 by Wyzewun

VERSIONS AFFECTED
Nite FTPd Server

DESCRIPTION

The Nite FTPd server is written in Visual Basic and is vulnerable to several denial-of-service conditions.

When the daemon is sent 40 or more "USER" commands, the system runs out of memory and crashes.

When a password command (PASS) is not terminated and the service is continually sent characters, the system will allocate memory for those characters until it runs out of memory. 

When the service is sent a "PORT" command followed by an immediate client disconnect, the FTP service will stop accepting connections.

When a long parameter is sent with the RNTO command, the server will stop accepting connections.
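
The four conditions above can be watched for on the FTP control channel, for example in a proxy or log processor placed in front of the server. The following Python monitor is an added example, not part of the original advisory or of Nite FTPd; only the 40-command USER count comes from the advisory, while the 512-byte line cap, the 255-byte RNTO cap and all names are assumptions.

```python
from collections import Counter

MAX_USER_CMDS = 40    # count stated in the advisory
MAX_LINE_BYTES = 512  # assumed cap on one command line (not from the advisory)
MAX_RNTO_ARG = 255    # assumed cap on an RNTO argument (not from the advisory)

class FtpSessionMonitor:
    """Watches one FTP control connection for the four conditions in the advisory."""
    def __init__(self):
        self.buf, self.counts = b"", Counter()
        self.last_cmd, self.dropped, self.alerts = None, False, set()

    def feed(self, data):
        """Consume bytes the client sent on the control channel."""
        if self.dropped:
            return
        self.buf += data
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            self._command(line.rstrip(b"\r"))
        if len(self.buf) > MAX_LINE_BYTES:  # input keeps growing with no terminator
            self.alerts.add("unterminated-line")
            self.buf, self.dropped = b"", True  # stop buffering for this client

    def _command(self, line):
        verb, _, arg = line.partition(b" ")
        verb = verb.upper().decode("ascii", "replace")
        self.counts[verb] += 1
        self.last_cmd = verb
        if verb == "USER" and self.counts[verb] >= MAX_USER_CMDS:
            self.alerts.add("user-flood")
        if verb == "RNTO" and len(arg) > MAX_RNTO_ARG:
            self.alerts.add("long-rnto")

    def close(self):
        """Client disconnected; PORT as the final command approximates the PORT case."""
        if self.last_cmd == "PORT":
            self.alerts.add("port-then-disconnect")
        return sorted(self.alerts)

def analyze(chunks):
    """Run one session (a list of received byte chunks) through the monitor."""
    mon = FtpSessionMonitor()
    for chunk in chunks:
        mon.feed(chunk)
    return mon.close()

# Constructed sample session (not captured traffic): an ordinary login and listing.
NORMAL = [b"USER anonymous\r\n", b"PASS guest@\r\n",
          b"PORT 10,0,0,5,4,1\r\n", b"LIST\r\n", b"QUIT\r\n"]
```

A PORT followed by a disconnect can also result from an ordinary network failure, so that alert is an indicator to correlate with the listener going unresponsive rather than a verdict on its own.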

VENDOR RESPONSE

The vendor is aware of this matter; however, no response was known at the time of this writing.

CREDITS
Discovered and reported by Wyzewun
