[12741] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability

daemon@ATHENA.MIT.EDU (Ussr Labs)
Fri Nov 26 04:54:48 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NCBBKFKDOLAGKIAPMILPKEPFCAAA.labs@ussrback.com>
Date:         Wed, 24 Nov 1999 22:55:02 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in BisonWare FTP Server V3.5,
the buffer overflow is caused by a long user name,  2000 characters,

There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/biftps35/

For the source / binary of this remote / local D.O.S

Vendor Status:
Contacted.

Vendor   Url: http://ourworld.compuserve.com/homepages/nick_barnes/
Program Url:
http://ourworld.compuserve.com/homepages/nick_barnes/ftpserve.htm

Credit: USSRLABS

SOLUTION
    Nothing yet.


u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12741] in bugtraq

Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability

daemon@ATHENA.MIT.EDU (Ussr Labs)Fri Nov 26 04:54:48 1999

daemon@ATHENA.MIT.EDU (Ussr Labs)
Fri Nov 26 04:54:48 1999