SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (File Transfer/Sharing)  >  in.ftpd Vendors:  Sun
Sun Solaris 'in.ftpd' FTP Server Can Be Temporarily Hung By Remote Users
SecurityTracker Alert ID:  1005996
SecurityTracker URL:  http://securitytracker.com/id?1005996
CVE Reference:  CVE-2003-1075   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Jan 28 2003
Impact:  Denial of service via local system, Denial of service via network
Vendor Confirmed:  Yes  
Description:  A denial of service vulnerability was reported in the Sun Solaris in.ftpd(1M) FTP server. A remote user can disrupt certain FTP services.

Sun reported that a remote authenticated user, including an anonymous user, may be able to disrupt active mode FTP services by sending commands in a particular manner. The specific method was not disclosed.

According to the report, each command sent in this fashion will cause the FTP server to stop responding to commands from other active mode FTP clients for a period of time (60 seconds in a default configuration).

Sun notes that Solaris 2.5.1 will not be evaluated to determine if it is affected or not.
Impact:  A remote authenticated user (including an anonymous user) can disrupt active mode FTP sessions.
Solution:  No solution was available at the time of this entry. Sun is reportedly working on a resolution.
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50240 (Links to External Site)
Cause:  State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  Solaris 2.6, 7, 8, and 9

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 21 2003 (Sun Issues T-Patches) Re: Sun Solaris 'in.ftpd' FTP Server Can Be Temporarily Hung By Remote Users
Sun has released some temporary patches.


 Source Message Contents
Date:  Tue, 28 Jan 2003 15:09:38 -0500
Subject:  Sun Solaris FTP Server bug

 

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50240

Sun issued Alert 50240 warning of a denial of service flaw in the Solaris FTP Server (in.ftpd(1M)).

A remote user may be able to disrupt active mode FTP services by sending commands in a particular
manner (the specifics were not disclosed).  Each command sent in this fashion will reportedly cause
the FTP server to stop responding to commands from other active mode FTP clients for a period of
time.

The following versions are affected:  Solaris 2.6, 7, 8, and 9

Sun notes that Solaris 2.5.1 will not be evaluated to determine if it is affected or not.

Sun is working on a final resolution.

-----

Sun Alert ID: 50240 
Synopsis: Solaris FTP Server (in.ftpd(1M)) is Vulnerable to Denial of Service Attack 
Category: Security 
Product: Solaris 
BugIDs: 4714534 
Avoidance: Workaround 
State: Committed 
Date Released: 27-Jan-2003 
Date Closed: 
Date Modified:


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC