[12644] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5)

daemon@ATHENA.MIT.EDU (Marc)
Thu Nov 18 12:24:30 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id:  <BBEEIOOOKPLJPFDIJCBMEEJECAAA.Marc@eEye.com>
Date:         Wed, 17 Nov 1999 22:32:51 -0800
Reply-To: Marc <Marc@EEYE.COM>
From: Marc <Marc@EEYE.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991117115142.Q27411@willamette.edu>

I just got done talking to the USSR Labs guys...

I've talk to them in the past about their advisories to try to help them out
to make them a little more "clean" etc...

| > Vendor Status:
| > Not Contacted

English is basically not their first language and they ment to say "Not
Contacted" as in the vendor did not reply to their eMail that they sent
about the hole.

but anyways USSR will be contacting each vendor who's software they find a
hole in and giving them a week to respond to them etc... They were already
doing this for most of them they gave a few days to wait for a response but
most vendors didn't respond.

I'm going to be over viewing most of their advisories to make sure vendors
are contacted and things get done "correctly, whatever that is."

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com


| -----Original Message-----
| From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of Seth R
| Arnold
| Sent: Wednesday, November 17, 1999 11:52 AM
| To: BUGTRAQ@SECURITYFOCUS.COM
| Subject: Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5)
| Vulnerability
|
|
| USSR Labs: I can't speak for anyone but myself, but I would imagine the
| vendor would like to know about these things in advance of bugtraq.
|
| I know this is a long-standing debate, but IMHO bugtraq should likely be
| reserved for "this company doesn't care about its products, maybe
| this will
| help them care." as well as notifications that there are typos/thinkos in
| programs that allow for security compromises, and the availability of
| patches.
|
| (Don't get me wrong -- I *loved* reading the recent 'how to
| exploit alphas'
| and other step-by-step this-is-how-we-cracked-it postings! :)
|
| But, to me, it seems a bit cruel, or irresponsible, to post to bugtraq
| without at least attempting to contact the company first -- even
| if it is as
| mundane as 'webmaster@company.com' or (more likely better-staffed)
| 'sales@company.com'.
|
| (And yes, perhaps it is a bit cruel or irresponsible that the
| vendor didn't
| first code-audit to make sure simple buffer overflows don't exist.)
|
| $0.02.
|
| On Wed, Nov 17, 1999 at 03:22:09AM -0300, Ussr Labs wrote:
| > Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability
| >
| > PROBLEM
| >
| > UssrLabs found a Local/Remote DoS Attack in G6 FTP Server v2.0
| (beta 4/5),
| > the buffer overflow is caused by a long user name,  2000 characters.
| > the G6FTP start to do infinites loops in the main program,and
| start eating
| > all memory and all computer resource CPU 100%, at the moment of no more
| > memory, if this happend ALL System is down :(
| >
| > Example:
| > [gimmemore@itsme]$ telnet example.com 21
| > Trying example.com...
| > Connected to example.com.
| > Escape character is '^]'.
| > 220-G6 FTP Server v2.0 (beta 5) ready ...
| > USER {buffer)
| >
| > Binary/Source for this D.O.S:
| >
| > http://www.ussrback.com/g6ftp/
| >
| >
| > Where buffer is 2000 characters.
| >
| > Vendor Status:
| > Not Contacted
| >
| > Vendor   Url:  http://www.gene6.com/
| > Program Url: http://www.gene6.com/g6ftpd/download.html
| >
| > Credit: USSRLABS
| >
| > SOLUTION
| >     Nothing yet.
| >
| > u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
| > http://WWW.USSRBACK.COM
|
| --
| Seth Arnold | http://www.willamette.edu/~sarnold/
| Hate spam? See http://maps.vix.com/rbl/ for help
| Hi! I'm a .signature virus! Copy me into
| your ~/.signature to help me spread!
|

home help back first fref pref prev next nref lref last post