Several problems with use of uninitialized variables were reported by VenusTech for netkit ftpd (server) and ftp (client). Those problems can cause ftpd or ftp to crash.
References: http://bugs.gentoo.org/show_bug.cgi?id=199206
Created attachment 273771: Original advisory text
Only netkit ftp client is shipped with Red Hat Enterprise Linux and Fedora. Problematic code possibly causing ftp client crash was introduced in the fix for bug #122295, which fixes other possible client crashes. This patch is included in ftp packages as shipped with Red Hat Enterprise Linux 4 and 5. In Fedora, this problem was already fixed thanks to bug #251074.
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Separate CVE ids were assigned by Mitre to ftp (client) and ftpd (server) issues:

CVE-2007-5769: Double-free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.

CVE-2007-6263: The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.

netkit ftpd is not shipped with Red Hat Enterprise Linux or Fedora.
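The two CVE descriptions above share one bug class: a cleanup path that releases a stream which was never opened, or releases it twice. The following C sketch is an added illustration, not netkit code and not part of this bug report; `handshake`, `close_once`, `open_data_stream` and the `/dev/null` stream are hypothetical stand-ins.

```c
#include <stdio.h>

/* Hypothetical stand-in for the SSL handshake on the data channel
 * (not netkit code): returns 0 on success, -1 on failure. */
static int handshake(int fails) { return fails ? -1 : 0; }

/* Weak shape described in the CVE text, shown only as a comment:
 *     FILE *data;                        // never initialized
 *     if (handshake(...) < 0) goto out;
 *     data = fopen(...);
 *   out:
 *     fclose(data);                      // indeterminate pointer on failure
 */

/* Close a stream at most once. NULL means "never opened"; clearing the
 * caller's pointer turns a second cleanup pass into a no-op instead of a
 * double free. Returns 1 if a stream was closed, 0 if nothing to close. */
static int close_once(FILE **fp)
{
    if (fp == NULL || *fp == NULL)
        return 0;
    fclose(*fp);
    *fp = NULL;
    return 1;
}

/* Hardened shape: returns 0 on success, -1 on failure.
 * *closed counts how many real fclose calls the cleanup made. */
int open_data_stream(int handshake_fails, int *closed)
{
    FILE *data = NULL;                /* initialized before any error path */
    int rc = -1;

    *closed = 0;
    if (handshake(handshake_fails) < 0)
        goto out;
    data = fopen("/dev/null", "w");   /* constructed stand-in for the data socket */
    if (data == NULL)
        goto out;
    fputs("constructed payload\n", data);
    rc = 0;
out:
    *closed += close_once(&data);
    *closed += close_once(&data);     /* repeated cleanup stays harmless */
    return rc;
}

int main(void)
{
    int n, rc = open_data_stream(1, &n);
    printf("failed handshake: rc=%d, streams closed=%d\n", rc, n);
    return 0;
}
```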