[12515] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

daemon@ATHENA.MIT.EDU (Ussr Labs)
Wed Nov 10 14:10:33 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NCBBKFKDOLAGKIAPMILPAEKHCAAA.labs@ussrback.com>
Date:         Wed, 10 Nov 1999 04:09:23 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server,
the buffer overflow is caused by a long user name / password,  2000
characters,
and the re-connection to the Ftp Server.


There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/qvtfs42/

For the source / binary of this remote / local D.O.S


Vendor Status:
Not Contacted

Vendor   Url: http://www.qpc.com
Program Url:http://www.qpc.com

Credit: USSRLABS

SOLUTION
    Nothing yet.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12515] in bugtraq

Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

daemon@ATHENA.MIT.EDU (Ussr Labs)Wed Nov 10 14:10:33 1999

daemon@ATHENA.MIT.EDU (Ussr Labs)
Wed Nov 10 14:10:33 1999