[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : GoodTech's FTP Server vulnerable to a DoS (RNTO)

Title: GoodTech's FTP Server vulnerable to a DoS (RNTO)
Released by: SecuriTeam
Date: 30th August 2000
Printable version: Click here
GoodTech's FTP Server vulnerable to a DoS (RNTO)

----------------------------------------------------------------------------







SUMMARY



 <http://www.goodtechsys.com/> GoodTech's FTP Server contains a security

hole that allows a remote user to launch a Denial of Service attack

against the product just by sending a simple FTP command.



DETAILS



Vulnerable systems:

FTP Server dated before 26/08/2000 (3.0.1, and 3.0)



Immune systems:

FTP Server dated 26/08/2000 and later



By issuing a RNTO command to GoodTech's FTP Server it is possible to cause

it to hang, effectively blocking the listening socket thread. If done

enough times this can be used to exhaust all available sockets of the

server, effectively causing a Denial of Service attack.



Patch:

The immune version can be downloaded from:

http://www.goodtechsys.com/predownload.asp





ADDITIONAL INFORMATION



The security hole was discovered by SecuriTeam (expert@securiteam.com).





====================

DISCLAIMER:

The information in this bulletin is provided "AS IS" without warranty of any

kind.

In no event shall we be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special

damages.

====================





--

Aviram Jenik

Beyond Security Ltd.

http://www.BeyondSecurity.com

http://www.SecuriTeam.com








(C) 1999-2000 All rights reserved.