COMMAND

    EFTP

SYSTEMS AFFECTED

    EFTP

PROBLEM

    Aviram Jenik found the following. EFTP is an FTP server and client
    solution that allows encrypted FTP connections between the FTP
    server and the client. The product contains two security
    vulnerabilities that allow a remote attacker to cause a denial of
    service against the product.

    First attack: sending a buffer of 2100 characters upon connection
    will crash the server.

    Second attack: connect to the server with a non-FTP program
    (something you write yourself). Send some characters, and
    disconnect without sending a '\r\n'. The server will crash
    immediately.
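
    A server-side command reader that tolerates both inputs described
    above, as an added example (not EFTP's code and not part of the
    original advisory). MAX_CMD_LEN and all function and type names are
    assumptions; the 2100-byte input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CMD_LEN 512  /* assumed limit; the advisory gives no buffer size */
enum feed_result { NEED_MORE, LINE_READY, LINE_TOO_LONG };

struct line_reader {
    char   buf[MAX_CMD_LEN + 1];
    size_t len;
};

void reader_init(struct line_reader *r) { r->len = 0; r->buf[0] = '\0'; }

/* Feed bytes read from the socket. Stops after the first CRLF; *used is the
 * number of bytes consumed. On LINE_READY the command (CRLF stripped) is in
 * r->buf. On LINE_TOO_LONG the caller should reply with an error and close. */
enum feed_result reader_feed(struct line_reader *r, const char *data,
                             size_t n, size_t *used)
{
    for (size_t i = 0; i < n; i++) {
        if (data[i] == '\n' && r->len > 0 && r->buf[r->len - 1] == '\r') {
            r->buf[r->len - 1] = '\0';      /* drop the CR, terminate */
            r->len = 0;
            *used = i + 1;
            return LINE_READY;
        }
        if (r->len >= MAX_CMD_LEN) {        /* bound check before every write */
            r->len = 0;
            *used = i;
            return LINE_TOO_LONG;
        }
        r->buf[r->len++] = data[i];
    }
    *used = n;
    return NEED_MORE;
}

/* Peer closed: drop any unterminated fragment; never hand it to the parser. */
size_t reader_on_close(struct line_reader *r)
{
    size_t dropped = r->len;
    reader_init(r);
    return dropped;
}

int main(void)
{
    struct line_reader r; size_t used; char big[2100];  /* constructed input */
    reader_init(&r); memset(big, 'A', sizeof big);
    printf("%d\n", reader_feed(&r, big, sizeof big, &used) == LINE_TOO_LONG);
    return 0;
}
```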

    The security hole was discovered by SecuriTeam.

SOLUTION

    The vendor was contacted on the 26th of August; no response has
    been received since then.