FreeFTPD PORT Command Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running FreeFTPD Server and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to crash an affected server, effectively denying service to legitimate users. Impact Level: Application

Solution

Upgrade to freeFTPd version 1.0.11 or later For updates refer to http://www.freesshd.com/?ctt=download

Insight

A NULL pointer dereferencing error exists when parsing the parameter of the PORT command. Logged on user can send a port command appended with some numbers to crash the server.

Affected

freeFTPd version 1.0.10 and prior

References

http://osvdb.org/show/osvdb/21108
http://secunia.com/advisories/17737
http://www.exploit-db.com/exploits/1339/
http://www.securityfocus.com/archive/1/417602

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3812

CVSS	Base Score: 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C

Related Vulnerabilities

Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
chm2pdf Insecure Temporary File Creation or DoS Vulnerability
Apple Safari Denial Of Service Vulnerability - Jul09
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux

freeFTPD PORT Command Denial of Service Vulnerability

Take action and discover your vulnerabilities