FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

oftpd denial-of-service vulnerability (PORT command)

Affected packages
oftpd < 0.3.7

Details

VuXML ID 290d81b9-80f1-11d8-9645-0020ed76ef5a
Discovery 2004-03-04
Entry 2004-03-28
Modified 2004-04-05

Philippe Oechslin reported a denial-of-service vulnerability in oftpd. The oftpd server can be crashed by sending a PORT command containing an integer over 8 bits long (over 255).

References

Bugtraq ID 9980
CVE Name CVE-2004-0376
URL http://www.time-travellers.org/oftpd/oftpd-dos.html