Nite FTPd Server DoS

Nite FTPd Server DoS
Reported May 19 by Wyzewun

Nite FTPd Server


This Nite FTPd server is coded in Visual Basic and is vulnerable to several denial of service conditions.

When the daemon is sent 40 or more "USER" commands the system runs out of memory and crashes.

When a password command (PASS) is not terminated and the service is continually sent characters, the system will allocate memory for those characters until it runs out of memory. 

By sending the service a "PORT" command followed by an immediate client disconnect FTP service will stop accepting connections.

By sending a long parameter with RNTO command, the server will stop accepting connections.


The vendor is aware of this matter, however no response was known at the time of this writing.

Discovered and reported by Wyzewun

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.