BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


ProFTPd Denial of Service

Disclosed: September 11, 2013
Zeroday: 405 days

Vulnerability Description:

ProFTPd contains a vulnerability that can be triggered when it handles specially crafted TCP packets during authentication, causing a denial of service condition.

Vendors:

ProFTPd

Vulnerable Software/Devices:

ProFTPd 1.3.4d and prior
ProFTPd 1.3.5rc3 and prior

Vulnerability Severity:

Medium

Exploit Availability:

No Exploit Available

Exploit Impact:

Denial of Service
Exploitation of this vulnerability renders the service on the affected system unresponsive while the system's memory is exhausted. Attackers can keep sending malicious payloads to sustain the denial of service condition indefinitely.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 30703 - ProFTPD Denial of Service (Zero-Day)

Mitigation:

Disable keyboard-interactive authentication.
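
One way to check whether this mitigation is in place, as an added example that is not BeyondTrust's or the ProFTPd project's own code. It assumes keyboard-interactive logins are served by ProFTPd's mod_sftp module and governed by its SFTPEngine and SFTPAuthMethods directives; the sample configuration and the `audit` function are constructed for illustration.

```python
import re

KBDINT = "keyboard-interactive"

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
ServerName "ftp"
<IfModule mod_sftp.c>
  SFTPEngine on                      # server config: method list not pinned
</IfModule>
<VirtualHost 192.0.2.10>
  SFTPEngine on
  SFTPAuthMethods publickey keyboard-interactive
</VirtualHost>
<VirtualHost 192.0.2.11>
  SFTPEngine on
  SFTPAuthMethods publickey password   # mitigated
</VirtualHost>
"""

def audit(conf_text):
    """Map each scope that runs mod_sftp to 'enabled', 'unpinned' or 'disabled'."""
    scopes, current = {"server config": {}}, "server config"
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        vhost = re.match(r"<(/?)VirtualHost\b([^>]*)>", line, re.I)
        if vhost:
            closing, addr = vhost.groups()
            current = "server config" if closing else "VirtualHost " + addr.strip()
            scopes.setdefault(current, {})
        elif not line.startswith("<"):  # <IfModule>/<Global> keep the enclosing scope
            name, *args = line.split()
            scopes[current][name.lower()] = [a.lower() for a in args]
    report = {}
    for scope, d in scopes.items():
        if d.get("sftpengine") != ["on"]:
            continue                     # mod_sftp is not serving this scope
        methods = d.get("sftpauthmethods")
        if methods is None:
            report[scope] = "unpinned"   # offered methods left to module defaults
        elif any(KBDINT in m.split("+") for m in methods):
            report[scope] = "enabled"    # mitigation not applied
        else:
            report[scope] = "disabled"   # keyboard-interactive is not offered
    return report

if __name__ == "__main__":
    for scope, state in audit(SAMPLE_CONF).items():
        print(f"{scope}: keyboard-interactive {state}")
```

A scope reported as unpinned needs a manual check, because settings a virtual host inherits from a `<Global>` section are not resolved here.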

Links:

CVE(s):

None