Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability

From: Ussr Labs (labsat_private)
Date: Wed Nov 24 1999 - 17:55:02 PST


    Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability
    
    PROBLEM
    
    UssrLabs found a local/remote DoS attack in BisonWare FTP Server V3.5.
    The buffer overflow is caused by a long user name (2000 characters).
    
    There is not much to expand on.... just a simple hole
    
    Example:
    
    Go to: http://www.ussrback.com/biftps35/
    
    For the source / binary of this remote / local D.O.S
    
    Vendor Status:
    Contacted.
    
    Vendor Url: http://ourworld.compuserve.com/homepages/nick_barnes/
    Program Url: http://ourworld.compuserve.com/homepages/nick_barnes/ftpserve.htm
    
    Credit: USSRLABS
    
    SOLUTION
        Nothing yet.
    
    
    u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    http://www.ussrback.com
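
A bounded handler for the FTP USER command, as an added example that is not BisonWare's code and not part of the original advisory: it shows the kind of length check that keeps a 2000-character user name from overflowing a fixed buffer. The function names, the 64-byte `MAX_USER_LEN` limit and the choice of reply codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_USER_LEN 64   /* assumed policy limit, not a BisonWare value */

/* Case-insensitive match of the "USER " verb without reading past len. */
static int is_user_verb(const char *line, size_t len)
{
    static const char verb[] = "USER ";
    if (len < 5)
        return 0;
    for (size_t i = 0; i < 5; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;
    return 1;
}

/* Returns the FTP reply code to send: 331 when the name was accepted and
 * copied into out, 500 when the line is not a USER command, 501 when the
 * argument is missing, oversized or malformed. out is NUL-terminated. */
int handle_user_line(const char *line, size_t len, char *out, size_t outsz)
{
    if (outsz == 0)
        return 501;
    out[0] = '\0';
    /* Strip CRLF using the received length, never strlen(): the network
     * buffer is not guaranteed to be NUL-terminated. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    if (!is_user_verb(line, len))
        return 500;
    const char *arg = line + 5;
    size_t arglen = len - 5;
    /* Reject rather than truncate: silent truncation could map an
     * oversized name onto a different, valid account. */
    if (arglen == 0 || arglen > MAX_USER_LEN || arglen >= outsz)
        return 501;
    /* Refuse control bytes and embedded NULs so the name is safe to log. */
    for (size_t i = 0; i < arglen; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (c < 0x20 || c == 0x7f)
            return 501;
    }
    memcpy(out, arg, arglen);   /* bounded: arglen < outsz checked above */
    out[arglen] = '\0';
    return 331;
}
```
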
    


