COMMAND

    ftpd

SYSTEMS AFFECTED

    GoodTech's FTP Server dated before 26/08/2000 (3.0.1, and 3.0)

PROBLEM

    Aviram Jenik found  following.  GoodTech's  FTP Server contains  a
    security hole  that allows  a remote  user to  launch a  Denial of
    Service attack against  the product just  by sending a  simple FTP
    command.

    By issuing a RNTO command to GoodTech's FTP Server it is  possible
    to cause  it to  hang, effectively  blocking the  listening socket
    thread.   If done  enough times  this can  be used  to exhaust all
    available sockets of the  server, effectively causing a  Denial of
    Service attack.

    The security hole was discovered by SecuriTeam.

SOLUTION

    FTP Server dated 26/08/2000 and later.