SecuriTeam - EFTP vulnerable to two DoS attacks

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam
Beyond Security

SecuriTeam Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

Black Box Testing
Vulnerability Assessment
Vulnerability Scanner

	SecuriTeam in Your Inbox

	E-mail this article to a friend

New vulnerability?
New tool?
Tell us

EFTP is an FTP server and client solution that allows encrypted FTP connections between the providing FTP server and the client. The product contains two security vulnerabilities that allow a remote attacker to cause a Denial of Service attack against the product.

Credit:
The security hole was discovered by SecuriTeam.

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

First attack:
Send a buffer of 2100 characters upon connection will crash the server.

Second attack:
Connect to the server with a non-FTP program (something you write by yourself). Send some characters, and disconnect without sending a '\r\n'. The server will crash immediately.

Solution:
Version 2.0.5.316 of EFTP fixes this problem, and can be downloaded from: www.eftp.org.

	Opera file:// Overflow
	Stack-Based Buffer Overflow in the Network Manager of Castle Rock Computing (SNMPc)
	PacketTrap TFTPD DoS
	Vulnerability in Server Service Allows Code Execution (MS08-067, PoC)
	Microsoft Windows AFD.sys Privilege Escalation (Kartoffel Plugin, Exploit, MS08-066)
	Token Kidnapping Windows 2003 (Exploit)
	GuildFTPd CWD and LIST Heap Corruption PoC/DoS (Exploit)
	NoticeWare E-mail Sever (POP3) Pre-Auth DoS
	vxFtpSrv CWD Command Overflow
	DESlock+ Local Denial of Service (Exploit)
	Chilkat XML ActiveX Arbitrary File Creation/Execution
	Postfix Local Denial of Service (PIPE, Exploit)
	Debian Sarge Multiple IMAP Server DoS (debianimapers.c)
	Sagem Routers F@ST Remote CSRF Exploit (DHCP Hostname Attack)
	fhttpd Malformed Authorization Denial of Service