COMMAND

    ftpd

SYSTEMS AFFECTED

    OS/2 Warp 4.5 FTP Server (V4.0/4.2, 4.3, others?)

PROBLEM

    The following is based on the VIGILANTE-2000006 Security Advisory.
    The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought
    down by a malicious connection attempt.

    The vendor has released a patch for the problem, and it contains
    the following explanation of the problem: "Sending
    username/password followed immediately by up to 1k of data when
    connecting to FTP via Telnet, can cause a trap."  During testing
    Vigilante found that an initial connection attempt (using sockets,
    telnet, ftp, etc.) using an invalid username/password combination,
    followed by a second attempt where the user field was exceptionally
    long (256 bytes), would crash the service.
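
    A defender-side check for the pattern described above, as an added
    example that is not part of the advisory or the vendor patch: it
    scans an FTP control-channel transcript and flags USER commands
    whose argument reaches 256 bytes, noting whether that client had
    already failed a login.  The transcript line format
    ("client > command", "client < reply") and every sample line are
    constructed for illustration.

```python
import re

USER_LIMIT = 256  # user-field length the advisory reports as crashing the service

# Assumed transcript format: "<client> > <command>" or "<client> < <reply>"
LINE = re.compile(r"^(?P<client>\S+) (?P<dir>[<>]) (?P<data>.*)$")


def find_suspect_logins(lines, limit=USER_LIMIT):
    """Return (client, user_bytes, after_failed_login) for each oversized USER."""
    failed = set()   # clients that have already received a 530 reply
    findings = []
    for raw in lines:
        m = LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # not a control-channel line in the assumed format
        client, direction, data = m["client"], m["dir"], m["data"]
        if direction == "<":
            # Server reply; 530 is "Not logged in" in RFC 959.
            if data.startswith("530"):
                failed.add(client)
            continue
        verb, _, arg = data.partition(" ")
        size = len(arg.encode("utf-8"))
        if verb.upper() == "USER" and size >= limit:
            findings.append((client, size, client in failed))
    return findings


# Constructed sample transcript (documentation-range addresses).
SAMPLE = [
    "192.0.2.10 > USER alice",
    "192.0.2.10 < 331 Password required",
    "192.0.2.10 > PASS ****",
    "192.0.2.10 < 530 Login incorrect",
    "192.0.2.10 > USER " + "x" * 256,
    "198.51.100.7 > USER bob",
    "198.51.100.7 < 331 Password required",
    "203.0.113.5 > USER " + "y" * 300,
]

if __name__ == "__main__":
    for client, size, after_fail in find_suspect_logins(SAMPLE):
        note = "after failed login" if after_fail else "no prior failure seen"
        print(f"{client}: USER argument of {size} bytes ({note})")
```

    Entries marked as following a failed login match the sequence
    Vigilante describes; the others are oversized user fields without
    the preceding failure.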

SOLUTION

    If you are using a version prior to 4.3, please contact IBM
    support for further assistance.  If you are using v4.3, you can
    get the patch at the following URL:

        ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/