Title: Solaris in.ftpd Remote Denial of Service Vulnerability
Severity: MODERATE
Description:
in.ftpd is the default File Transfer Protocol (FTP) daemon used by Solaris.
A vulnerability has been discovered in the Solaris in.ftpd daemon. It has been reported that a non-privileged remote attacker may be able to trigger this condition. It has not yet been verified if authentication is required to exploit this vulnerability.
A malicious user exploiting this vulnerability may cause the ftp service to intermittently deny service to other legitimate users. This condition will occur whenever the attacking ftp client issues a command and will cause the service to hang for roughly 60 seconds. During this time legitimate users may time out of their connection to the service.
The technical details regarding this vulnerability are currently unknown. This BID will be updated as further details are made available.
Affected Products:
- Sun Solaris 2.6
- Sun Solaris 2.6_x86
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Sun Solaris 8
- Sun Solaris 8_x86
- Sun Solaris 9
- Sun Solaris 9_x86
References:
- Sun: Sun Alert ID: 50240
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
