[12499] in bugtraq
Remote DoS Attack in TransSoft's Broker Ftp Server v3.5
daemon@ATHENA.MIT.EDU (Ussr Labs)
Tue Nov 9 13:56:31 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NCBBKFKDOLAGKIAPMILPIEJNCAAA.labs@ussrback.com>
Date: Mon, 8 Nov 1999 23:44:18 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To: BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability
PROBLEM
UssrLabs found a Remote DoS Attack in TransSoft's Broker Ftp Server v3.5,
the buffer overflow is caused by a long user name 2730 characters.
If TransSoft's Broker Server is running as a service the service will start
eating all memory and all computer resource CPU 100%, at the moment of no
more memory, if this happend all system is down :(
There is not much to expand on.... just a simple hole
Example:
Go to: http://www.ussrback.com/broker35/
For the source / binary of this remote / local D.O.S
Vendor Status:
Not Contacted
Vendor Url: http://www.transsoft.com
Program Url:http://www.ftpcontrol.com/broker/index.html
Credit: USSRLABS
SOLUTION
Nothing yet.
