EFTP Partial Input Denial of Service Vulnerability

EFTP is a small freeware ftp server that supports encrypted ftp written by Khamil Landross. Like most ftp servers, it parses server requests based on newline characters in the incoming data buffer. Unfortunately eftp does not take into account the possibility of recieving zero newlines before a connection is closed, leaving the software vulnerable to unpredictable behaviour if this happens. If a client connects and sends data to the ftp server without sending a newline to "terminate the request", the server will crash resulting in a denial of service.


 

Privacy Statement
Copyright 2010, SecurityFocus