Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200403-08] oftpd DoS vulnerability Vulnerability Scan
Vulnerability Scan Summary
oftpd DoS vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200403-08
(oftpd DoS vulnerability)
Issuing an FTP PORT command with a number higher than 255 causes the
server to crash. The PORT command may be issued before any authentication
takes place, so the attacker does not need to know a valid username and
password to exploit this vulnerability.
Exploitation results in a denial of service.
No workaround is currently known for this issue.
All users should upgrade to the current version of the affected package:
    # emerge sync
    # emerge -pv ">=net-ftp/oftpd-0.3.7"
    # emerge ">=net-ftp/oftpd-0.3.7"
Threat Level: Medium