SecurityTracker Alert ID: 1014413
SecurityTracker URL: http://securitytracker.com/id?1014413
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 7 2005
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 0.3.7

Description: A vulnerability was reported in oftpd. A remote user can cause the FTP service to crash or potentially execute arbitrary code. A remote user can supply a specially crafted FTP USER command to trigger a buffer overflow. A demonstration exploit FTP command is provided:

user \0\0\0\0\0\ (much larger string)

new.security@gmail.com is credited with discovering this vulnerability.

Impact: A remote user can cause the target FTP service to crash or potentially execute arbitrary code.
Solution: No solution was available at the time of this entry.
Vendor URL: www.time-travellers.org/oftpd/
Cause: Boundary error
____________

eradicator, pls verify/advise since no newer upstream version seems to be available
Is there any more info? The reproduce case looks a bit fuzzy and the 0.3.7 code includes buffer length checking ...
Concur with spanky, I can't see how this would work. "user \0\0\0\0\0\ (much larger string)" I've tried to interpret this a number of ways, but failed to reproduce.
Yeah, I can't reproduce it... I'd like to see a complete tcpdump of the session or something more to go on...
Closing as invalid after contacting the guy who discovered the "vulnerability" via email. Actually his client was segfaulting, not oftpd.