CVE-2004-0376 in oftpdinfo

Summary

by MITRE

oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/12/2025

The vulnerability identified as CVE-2004-0376 affects oftpd version 0.3.6 and earlier implementations, representing a critical denial of service flaw within the FTP protocol server software. This vulnerability specifically targets the handling of PORT commands, which are fundamental components of the ftp protocol used for establishing data connections between client and server. The flaw manifests when the server receives a PORT command containing an excessively large numerical value, leading to system instability and potential complete service disruption.

The technical root cause of this vulnerability lies in inadequate input validation and parameter checking within the oftpd server implementation. When processing the PORT command, the software fails to properly validate the size or range of the port number provided by the client, allowing malicious actors to submit oversized values that exceed the server's processing capabilities. This lack of proper bounds checking creates a condition where the server's memory management or processing routines become overwhelmed, resulting in a crash or system hang that terminates the ftp service.

From an operational perspective, this vulnerability presents significant risks to organizations relying on oftpd for file transfer operations. Attackers can exploit this flaw remotely without requiring authentication, making it particularly dangerous as it can be leveraged by anyone with network access to the affected server. The denial of service impact means that legitimate users would be unable to access file transfer services, potentially disrupting business operations and creating service availability issues. The vulnerability aligns with CWE-129, which addresses improper validation of array indices and buffer overflows, and represents a classic example of input validation failure that can lead to system instability.

The attack surface for this vulnerability extends beyond simple service disruption to encompass broader operational security concerns. Organizations using oftpd versions prior to 0.3.7 face potential exposure to sustained denial of service attacks that could maintain service unavailability for extended periods. Network administrators should consider implementing network-level protections such as firewall rules that limit access to ftp ports or deploy intrusion detection systems that can identify and block suspicious PORT command patterns. The vulnerability also demonstrates the importance of keeping ftp server software updated, as version 0.3.7 and later implementations include proper input validation mechanisms that prevent such exploitation scenarios.

Security practitioners should recognize this vulnerability as part of the broader category of protocol-level attacks that can be used to compromise service availability, aligning with ATT&CK technique T1499.004 for network denial of service attacks. The flaw serves as a reminder of the critical importance of proper input validation in network services, particularly those handling user-provided data through established protocols. Organizations should conduct thorough vulnerability assessments to identify all instances of oftpd in their environments and implement immediate patches or upgrades to address this weakness. Additionally, monitoring systems should be configured to detect unusual PORT command patterns that might indicate attempted exploitation of this vulnerability, providing early warning capabilities for potential attacks targeting ftp services.

Reservation

03/31/2004

Disclosure

05/04/2004

Moderation

accepted

Entry

VDB-21836

CPE

ready

EPSS

0.01798

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!