remote denial-of-service in nkitb/nkitserv

2001-03-22T19:06:00
ID SUSE-SA:2001:07
Type suse
Reporter Suse
Modified 2001-03-22T19:06:00

Description

Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.