FreeFTPD PORT Command Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running FreeFTPD Server and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to crash an affected server, effectively denying service to legitimate users. Impact Level: Application

Solution

Upgrade to freeFTPd version 1.0.11 or later For updates refer to http://www.freesshd.com/?ctt=download

Insight

A NULL pointer dereferencing error exists when parsing the parameter of the PORT command. Logged on user can send a port command appended with some numbers to crash the server.

Affected

freeFTPd version 1.0.10 and prior

References

http://osvdb.org/show/osvdb/21108
http://secunia.com/advisories/17737
http://www.exploit-db.com/exploits/1339/
http://www.securityfocus.com/archive/1/417602

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3812
CVSS Base Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Win)
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
Cherokee POST request DoS

freeFTPD PORT Command Denial of Service Vulnerability

Take action and discover your vulnerabilities