EFTP newline denial of service
| eftp-newline-dos (5220) |  Medium Risk |
Description:
EFTP is vulnerable to a denial of service attack. A remote attacker can crash the server by connecting to the server with a non-FTP program, sending some characters, and then disconnecting, without sending a newline character. The server must be restarted to regain normal functionality.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of EFTP (2.0.5.316 or later), available from the EFTP Web site. See References.
References:
- EFTP Web site: Encrypted FTP.
- SecuriTeam Mailing List, Security Holes & Exploits 9 June 2000: EFTP vulnerable to two DoS attacks.
- BID-1677: EFTP Partial Input Denial of Service Vulnerability
- CVE-2000-0871: Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.
- OSVDB ID: 409: EFTP Newline DoS
Platforms Affected:
- Khamil Landross & Zack Jones EFTP
Reported:
Sep 11, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net