Strumpf Noir Society Advisories ! Public release ! <--# -= QPC FTPd Directory Traversal and BoF Vulnerabilities =- Release date: Saturday, April 14, 2001 Introduction: QPC's ftpd is the ftp server component of the company's QVT/NET and QVT/Term software suites for MS Windows. The ftpd and the rest of the QVT/Net and QVT/Term product lines is available from vendor QPC's website: http://www.qpc.com Problem(s): Directory Traversal Vulnerability The ftpd daemon that ships with above mentioned packages is vulnerable to a directory traversal problem. Adding '../' (''s excluded) to a listing request ('ls') any user can gain read access to other directories than his/her own. Remote Buffer Overflow Vulnerability The ftpd daemon that ships with mentioned packages contains an unchecked buffer in the logon function. When a username or password of 655 bytes or more gets fed to the server the buffer will overflow and will trigger an access violation, after which the server dies. (..) Solution: Vendor QPC was notified but has yet to respond. This was tested against QVT/Net Ftpd 4.3, coming with the QVT/Net 5.0 and QVT/Term 5.0 suites, running on MS Win2k. yadayadayada Free sk8! (http://www.freesk8.org) SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html) compliant, all information is provided on AS IS basis. EOF, but Strumpf Noir Society will return!
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 01:18:08 PDT