Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

From: Ussr Labs (labsat_private)
Date: Tue Nov 09 1999 - 23:09:23 PST

Next message: Olaf Kirch: "Re: undocumented bugs - nfsd"

Previous message: Ejovi Nuwere: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server,
the buffer overflow is caused by a long user name / password,  2000
characters,
and the re-connection to the Ftp Server.


There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/qvtfs42/

For the source / binary of this remote / local D.O.S


Vendor Status:
Not Contacted

Vendor   Url: http://www.qpc.com
Program Url:http://www.qpc.com

Credit: USSRLABS

SOLUTION
    Nothing yet.

Next message: Olaf Kirch: "Re: undocumented bugs - nfsd"
Previous message: Ejovi Nuwere: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:10:58 PDT