GLSA-200801-17 : Netkit FTP Server: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200801-17 Netkit FTP Server: Denial of Service Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in...

CVE-2007-6263

The CVE-2007-6263 issue affects netkit-ftpd 0.17 where, after modifications to support SSL, fclose is called on an uninitialized file stream in ftpd.c. This can trigger a denial of service (daemon crash) via certain FTP over SSL behaviors, demonstrated by breaking a passive FTP DATA connection th...

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

CVE-2007-5894

MIT Kerberos 5 (krb5) is affected by CVE-2007-5894 and related issues (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) as described in multiple advisories. The core item in CVE-2007-5894 concerns an uninitialized length variable in the gssftp ftpd handling (krb5’s GSSAPI/KDC stack), with vendor note...

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Overview There is a off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...