Archive : 1999 : november : broker - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Вт, 09 ноя 1999  05:43:44

   От: Ussr Labs <labs@USSRBACK.COM>

 Кому: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

 Тема: Remote DoS Attack in TransSoft's Broker Ftp Server  v3.5 Vulnerability

--------------------------------------------------------------------------------




Remote DoS Attack in TransSoft's Broker Ftp Server  v3.5 Vulnerability



PROBLEM



UssrLabs found a Remote DoS Attack in TransSoft's Broker Ftp Server v3.5,

the buffer overflow is caused by a long user name 2730 characters.

If TransSoft's Broker Server is running as a service the service will start

eating all memory and all computer resource CPU 100%, at the moment of no

more memory, if this happend all system is down :(



There is not much to expand on.... just a simple hole



Example:



Go to: http://www.ussrback.com/broker35/



For the source / binary of this remote / local D.O.S





Vendor Status:

Not Contacted



Vendor   Url: http://www.transsoft.com

Program Url:http://www.ftpcontrol.com/broker/index.html



Credit: USSRLABS



SOLUTION

    Nothing yet.