<?xml version="1.0" encoding="utf-8"?>
<glsa id="200701-09">
<title>oftpd: Denial of Service</title>
An assertion in oftpd could lead to a denial of service vulnerability.
<product type="ebuild">oftpd</product>
<announced>January 15, 2007</announced>
<revised>January 15, 2007: 01</revised>
<package name="net-ftp/oftpd" auto="yes" arch="*">
<unaffected range="ge">0.3.7-r3</unaffected>
<vulnerable range="lt">0.3.7-r3</vulnerable>
oftpd is a small, anonymous-only FTP daemon.
By specifying an unsupported address family in the arguments to an LPRT
or LPASV command, an assertion in oftpd will cause the daemon to abort.
<impact type="normal">
Remote, unauthenticated attackers may be able to terminate any oftpd
process, denying service to legitimate users.
There is no known workaround at this time.
All oftpd users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-ftp/oftpd-0.3.7-r3&quot;</code>
<uri link="">CVE-2006-6767</uri>
<metadata tag="submitter" timestamp="Sun, 14 Jan 2007 22:33:02 +0000">
<metadata tag="bugReady" timestamp="Sun, 14 Jan 2007 23:05:10 +0000">