Title: Nite Server FTPd Multiple DoS Vulnerabilities
Severity: MODERATE
Description:
Multiple denial of service vulnerabilities exist in the Nite Server FTP daemon.
1) Sending an unusually long string of characters in the USER command causes the daemon to consume all available memory, leaving the server hung.
2) If a remote user sends an endless stream of characters in the password field without ever terminating the request, the daemon allocates all available memory and denies any new connections.
3) If a user logs on, makes a request consisting of malformed data, and immediately logs off, the FTP server will deny any new connections.
4) When renaming files, if the new filename provided is too long, the server will stop accepting new connections.
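Items 1, 2 and 4 share one root cause: the command reader buffers client input without an upper bound. The following is an added example, not Nite Server code, of a control-channel reader that caps line length; the 512-byte limit, the class and function names, and the sample chunks are assumptions made for illustration.

```python
MAX_LINE = 512  # assumed cap on one command line, terminator included


class LineTooLong(Exception):
    """Peer exceeded the cap, with or without sending a terminator."""


class CommandReader:
    """Accumulates control-channel bytes and yields commands in bounded memory.

    The caller is expected to recv() in small fixed-size chunks.
    """

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()

    def feed(self, data):
        """Return the (verb, argument) pairs completed by this chunk."""
        self.buf += data
        commands = []
        while True:
            end = self.buf.find(b"\n")
            if end == -1:
                # No terminator yet: refuse to keep buffering past the cap.
                if len(self.buf) > self.max_line:
                    self.buf.clear()
                    raise LineTooLong("unterminated command exceeds limit")
                return commands
            if end + 1 > self.max_line:
                self.buf.clear()
                raise LineTooLong("command exceeds limit")
            line = bytes(self.buf[:end]).rstrip(b"\r")
            del self.buf[:end + 1]
            verb, _, arg = line.partition(b" ")
            commands.append((verb.upper().decode("ascii", "replace"), arg))


def run_session(chunks):
    """Feed constructed chunks; return (commands, closed) as a server loop would."""
    reader, seen = CommandReader(), []
    for chunk in chunks:
        try:
            seen.extend(reader.feed(chunk))
        except LineTooLong:
            return seen, True  # server would send an error reply and close
    return seen, False
```

A length cap bounds memory per connection but does not stop a client that trickles bytes below the cap, so it should be paired with a per-connection read timeout.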
Affected Products:
- Thomas Krebs Nite Server 1.5.0
- Thomas Krebs Nite Server 1.6.0
- Thomas Krebs Nite Server 1.7.0
References:
- Forbidden Knowledge: Forbidden Knowledge Ezine #8
- Thomas Krebs: Nite Server Homepage