Title: ProFTPD USER Remote Denial of Service Vulnerability
Severity: HIGH
Description:
A memory leak has been reported in all versions of ProFTPd.
The USER FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed.
If a sufficient number of these commands are executed by the server, substantial amounts of system memory can be consumed, allowing a remote attacker to carry out a denial of service attack on the affected host.
This could be problematic if anonymous FTP is enabled or if a malicious local user has been supplied with an FTP login ID.
Affected Products:
- ProFTPD Project ProFTPD 1.2.0pre10
- ProFTPD Project ProFTPD 1.2.0pre11
- ProFTPD Project ProFTPD 1.2.0pre2
- ProFTPD Project ProFTPD 1.2.0pre3
- ProFTPD Project ProFTPD 1.2.0pre4
- ProFTPD Project ProFTPD 1.2.0pre5
- ProFTPD Project ProFTPD 1.2.0pre6
- ProFTPD Project ProFTPD 1.2.0pre7
- ProFTPD Project ProFTPD 1.2.0pre8
- ProFTPD Project ProFTPD 1.2.0pre9
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
