Title: EFTP vulnerable to two DoS attacks
Released by: SecuriTeam
Date: 11th September 2000
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

EFTP vulnerable to two DoS attacks

<http://www.eftp.org/> EFTP is an FTP server and client solution that allows encrypted FTP connections between the providing FTP server and the client. The product contains two security vulnerabilities that allow a remote attacker to cause a Denial of Service attack against the product.

First attack:

Sending a buffer of 2100 characters upon connection will crash the server.

Second attack:

Connect to the server with a non-FTP program (something you write by yourself). Send some characters, and disconnect without sending a '\r\n'. The server will crash immediately.

Vendor status:

Vendor was contacted on the 26th of August; no response was received since



The security hole was discovered by  




The information in this bulletin is provided "AS IS" without warranty of any


In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special




Aviram Jenik

Beyond Security Ltd.



(C) 1999-2000 All rights reserved.