
Pure-FTPd: Potential DoS when maximum connections is reached


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200407-04 / Pure-FTPd
Release Date: July 04, 2004
Latest Revision: May 22, 2006: 02
Impact: normal
Exploitable: remote

Package: net-ftp/pure-ftpd
Vulnerable versions: <= 1.0.18
Unaffected versions: >= 1.0.18-r1
Architecture(s): All supported architectures

Related bugreports: #54590


Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.

2.  Impact Information


Pure-FTPd is a fast, production-quality and standards-compliant FTP server.


Pure-FTPd contains a bug in the accept_client function handling the setup of new connections.


When the maximum number of connections is reached, an attacker could exploit this vulnerability to perform a Denial of Service attack.

3.  Resolution Information


There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.


All Pure-FTPd users should upgrade to the latest stable version:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=net-ftp/pure-ftpd-1.0.18-r1"
# emerge ">=net-ftp/pure-ftpd-1.0.18-r1"
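
To check a version string against the ranges in this advisory (vulnerable <= 1.0.18, unaffected >= 1.0.18-r1), the following added example, which is not part of the original advisory, compares dotted numeric versions with an optional Gentoo "-rN" revision. The function names are hypothetical, and version suffixes such as _p1 or _rc2 are assumed not to occur and are reported as unparsed.

```shell
#!/bin/sh
# Added example: classify a net-ftp/pure-ftpd version against GLSA 200407-04.
# Assumption: versions are dotted numbers with an optional "-rN" revision;
# other Gentoo suffixes (_p1, _rc2, trailing letters) are rejected, not compared.

# split_version VERSION -> prints "BASE REV" (REV is 0 when no -rN is present)
split_version() {
    case "$1" in
        *-r[0-9]*) printf '%s %s\n' "${1%-r*}" "${1##*-r}" ;;
        *)         printf '%s 0\n' "$1" ;;
    esac
}

# cmp_dotted A B -> prints -1, 0 or 1; components are compared as integers
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0          # a missing component counts as 0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# pureftpd_status VERSION -> prints vulnerable, unaffected or unparsed
pureftpd_status() {
    case "$1" in ''|*[!0-9.r-]*) echo unparsed; return 2 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' ||
        { echo unparsed; return 2; }
    set -- $(split_version "$1")
    base=$1 rev=$2
    c=$(cmp_dotted "$base" "1.0.18")
    if [ "$c" -lt 0 ] || { [ "$c" -eq 0 ] && [ "$rev" -lt 1 ]; }; then
        echo vulnerable             # <= 1.0.18 (no revision, or -r0)
    else
        echo unaffected             # >= 1.0.18-r1
    fi
}

# Constructed sample versions, not taken from any real system.
for v in 1.0.9 1.0.18 1.0.18-r1 1.0.19; do
    printf '%-12s %s\n' "$v" "$(pureftpd_status "$v")"
done
```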

4.  References


Page updated July 04, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team