[12637] in bugtraq
Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5)
daemon@ATHENA.MIT.EDU (Seth R Arnold)
Thu Nov 18 00:12:10 1999
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991117115142.Q27411@willamette.edu>
Date: Wed, 17 Nov 1999 11:51:42 -0800
Reply-To: Seth R Arnold <sarnold@WILLAMETTE.EDU>
From: Seth R Arnold <sarnold@WILLAMETTE.EDU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NCBBKFKDOLAGKIAPMILPKEMFCAAA.labs@ussrback.com>; from Ussr Labs
on Wed, Nov 17, 1999 at 03:22:09AM -0300

USSR Labs: I can't speak for anyone but myself, but I would imagine the
vendor would like to know about these things in advance of bugtraq.

I know this is a long-standing debate, but IMHO bugtraq should likely be
reserved for "this company doesn't care about its products, maybe this will
help them care." as well as notifications that there are typos/thinkos in
programs that allow for security compromises, and the availability of
patches.

(Don't get me wrong -- I *loved* reading the recent 'how to exploit alphas'
and other step-by-step this-is-how-we-cracked-it postings! :)

But, to me, it seems a bit cruel, or irresponsible, to post to bugtraq
without at least attempting to contact the company first -- even if it is as
mundane as 'webmaster@company.com' or (more likely better-staffed)
'sales@company.com'.

(And yes, perhaps it is a bit cruel or irresponsible that the vendor didn't
first code-audit to make sure simple buffer overflows don't exist.)

$0.02.

On Wed, Nov 17, 1999 at 03:22:09AM -0300, Ussr Labs wrote:
> Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability
>
> PROBLEM
>
> UssrLabs found a Local/Remote DoS Attack in G6 FTP Server v2.0 (beta 4/5),
> the buffer overflow is caused by a long user name, 2000 characters.
> the G6FTP starts to do infinite loops in the main program, and starts eating
> all memory and all computer resource CPU 100%, at the moment of no more
> memory, if this happens ALL System is down :(
>
> Example:
> [gimmemore@itsme]$ telnet example.com 21
> Trying example.com...
> Connected to example.com.
> Escape character is '^]'.
> 220-G6 FTP Server v2.0 (beta 5) ready ...
> USER {buffer}
>
> Binary/Source for this D.O.S:
>
> http://www.ussrback.com/g6ftp/
>
>
> Where buffer is 2000 characters.
>
> Vendor Status:
> Not Contacted
>
> Vendor Url: http://www.gene6.com/
> Program Url: http://www.gene6.com/g6ftpd/download.html
>
> Credit: USSRLABS
>
> SOLUTION
> Nothing yet.
>
> u n d e r g r o u n d   s e c u r i t y   s y s t e m s   r e s e a r c h
> http://WWW.USSRBACK.COM
--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!
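
Added illustration, not part of the original thread and not Gene6 code: a length-bounded check of the USER line that a server can apply before the name is copied anywhere, so the 2000-character input from the quoted advisory is refused with a 500 reply. The function name and the MAX_LINE and MAX_USER limits are assumptions chosen for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 512  /* assumed cap on one command line, CRLF included */
#define MAX_USER 64   /* assumed cap on a user name */

/* Check one received line (len bytes, not NUL-terminated) as a USER command.
 * The caller reads at most MAX_LINE + 1 bytes per line, so len > MAX_LINE
 * means no line ending arrived in time. Returns the RFC 959 reply code:
 * 331 with the name copied to user_out, 500 for a bad or overlong line,
 * 501 for a bad or overlong name. */
int handle_user_line(const char *line, size_t len, char *user_out, size_t out_sz)
{
    static const char verb[] = "USER";
    if (len > MAX_LINE)
        return 500;                       /* refuse before parsing anything */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                            /* strip the line ending */
    if (len < 5 || line[4] != ' ')
        return 500;
    for (size_t i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 500;                   /* not a USER command */
    const char *name = line + 5;
    size_t nlen = len - 5;
    if (nlen == 0 || nlen > MAX_USER || nlen >= out_sz)
        return 501;                       /* length checked before the copy */
    for (size_t i = 0; i < nlen; i++)
        if (name[i] < 0x21 || name[i] > 0x7e)
            return 501;                   /* control, space or non-ASCII byte */
    memcpy(user_out, name, nlen);
    user_out[nlen] = '\0';
    return 331;
}

int main(void)
{
    char user[MAX_USER + 1], big[5 + 2000 + 2];   /* constructed inputs */
    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 2000);
    memcpy(big + 2005, "\r\n", 2);
    printf("2000-char name -> %d\n", handle_user_line(big, sizeof big, user, sizeof user));
    printf("normal name    -> %d\n", handle_user_line("USER anonymous\r\n", 16, user, sizeof user));
    return 0;
}
```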