Saturday, November 23, 2013

ProFTPd Denial of Service

Date Disclosed:
9/11/2013

Date Patched:
No patch available.

Vendor:
ProFTPd
Affected Software:
  • ProFTPd 1.3.4d and prior
  • ProFTPd 1.3.5rc3 and prior
Description:
A vulnerability within ProFTPd can be triggered when handling specially crafted TCP packets, causing a denial of service condition. This occurs during authentication.
Severity:
Moderate
Code Execution:
No.
Impact:

Denial of Service
Exploitation of this vulnerability renders the service on the affected system unresponsive while the system's memory is exhausted. Attackers can keep sending malicious payloads to sustain the denial of service condition indefinitely.
Mitigation:
Disable keyboard-interactive authentication.
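A configuration audit for this mitigation, as an added example that is not part of the original advisory. It assumes keyboard-interactive authentication is served by ProFTPD's mod_sftp together with mod_sftp_pam (the advisory does not name the modules) and checks their SFTPEngine, SFTPAuthMethods and SFTPPAMEngine directives. The sample configs are constructed, and Include files and per-VirtualHost scoping are not followed.

```python
# Added example: flags proftpd.conf settings that can leave SSH2
# keyboard-interactive authentication on offer (assumes mod_sftp/mod_sftp_pam).

# Constructed sample configs, not taken from the advisory.
WEAK_CONF = """
<IfModule mod_sftp.c>
  SFTPEngine on
  # SFTPAuthMethods unset: every available method is offered
</IfModule>
"""

HARDENED_CONF = """
<IfModule mod_sftp.c>
  SFTPEngine on
  SFTPAuthMethods publickey password
</IfModule>
<IfModule mod_sftp_pam.c>
  SFTPPAMEngine off
</IfModule>
"""

def directives(conf_text):
    """Yield (name, args), lowercased, skipping comments and <Section> tags."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        name, *args = line.lower().split()
        yield name, args

def kbdint_findings(conf_text):
    """Return the settings to review; an empty list means none were found."""
    seen = list(directives(conf_text))
    if ("sftpengine", ["on"]) not in seen:
        return []  # mod_sftp is not enabled in this file
    findings = []
    methods = [args for name, args in seen if name == "sftpauthmethods"]
    if not methods:
        findings.append("SFTPAuthMethods unset: all available methods offered")
    for args in methods:
        # Also split '+'-joined chains such as publickey+keyboard-interactive.
        if "keyboard-interactive" in {m for a in args for m in a.split("+")}:
            findings.append("SFTPAuthMethods lists keyboard-interactive")
    if ("sftppamengine", ["off"]) not in seen:
        # Conservative: also reported when mod_sftp_pam is not built at all.
        findings.append("SFTPPAMEngine is not set to off")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, kbdint_findings(conf) or "no findings")
```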
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 30703 - ProFTPD Denial of Service (Zero-Day)
Links:

Status:
2013-09-11: Original Disclosure
