I suspect a buffer overflow vulnerability in CesarFTP (v0.99e tested) that exists in "server.exe". When receiving a command that contains a parameter of about 1200 characters, it drops all of its sessions and server.exe terminates. However, the controller restarts the killed process. I looked in the event log -- it makes no mention of the lengthy command. Any ideas? "The reason the mainstream is thought of as a stream is because it is so shallow." - Author Unknown
This archive was generated by hypermail 2b30 : Sat Aug 31 2002 - 19:07:33 PDT