Gentoo Logo

Pure-FTPd: Potential DoS when maximum connections is reached

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200407-04 / Pure-FTPd
Release Date July 04, 2004
Latest Revision May 22, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-ftp/pure-ftpd <= 1.0.18 >= 1.0.18-r1 All supported architectures

Related bugreports: #54590

Synopsis

Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.

2.  Impact Information

Background

Pure-FTPd is a fast, production-quality and standards-compliant FTP server.

Description

Pure-FTPd contains a bug in the accept_client function handling the setup of new connections.

Impact

When the maximum number of connections is reached an attacker could exploit this vulnerability to perform a Denial of Service attack.

3.  Resolution Information

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Resolution

All Pure-FTPd users should upgrade to the latest stable version:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=net-ftp/pure-ftpd-1.0.18-r1"
# emerge ">=net-ftp/pure-ftpd-1.0.18-r1"

4.  References

Print

Updated July 04, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL
Gentoo Centric Hosting: vr.org
Tek Alchemy
SevenL.net
Global Netoptex Inc.
Bytemark
Online Kredit Index
Copyright 2001-2009 Gentoo Foundation, Inc. Questions, Comments? Contact us.