CVE-2004-0299 - SmallFTPD Remote Denial Of Service Vulnerability

Publication

2004-11-23

Last modification

2017-07-11

Summary

Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.

Description

It has been reported that SmallFTPD is prone to a remote denial of service vulnerability. This issue is due to the application failing to properly validate user input. Successful exploitation of this issue may cause the affected server to crash, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution, however this has yet to be verified.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: info@vumetric.com <mailto:info@vumetric.com>.

Exploit

No exploit is required to leverage this issue. The following proof of concept has been provided:ftp://www.example.com/user:pass@127.0.0.1/[464 and more "/" symbols]/../../../

Risk level (CVSS AV:L/AC:L/Au:N/C:N/I:N/A:P)

Low

2.1

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Smallftpd Smallftpd  1.0.3