Bugtraq mailing list archives

Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Mon, 8 Nov 1999 23:44:18 -0300


Remote DoS Attack in TransSoft's Broker Ftp Server  v3.5 Vulnerability

PROBLEM

UssrLabs found a Remote DoS Attack in TransSoft's Broker Ftp Server v3.5,
the buffer overflow is caused by a long user name 2730 characters.
If TransSoft's Broker Server is running as a service the service will start
eating all memory and all computer resource CPU 100%, at the moment of no
more memory, if this happend all system is down :(

There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/broker35/

For the source / binary of this remote / local D.O.S

Vendor Status:
Not Contacted

Vendor   Url: http://www.transsoft.com
Program Url:http://www.ftpcontrol.com/broker/index.html

Credit: USSRLABS

SOLUTION
    Nothing yet.

Current thread:

Re: MS Outlook alert : Cuartango Active Setup, (continued)
- - Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
  - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
    - Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
    - flaw in dmesg under Solaris echo8 (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
    - Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
    - networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
    - [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
    - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
  - Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability Ussr Labs (Nov 08)
  - FreeBSD 3.3's seyon vulnerability Brock Tellier (Nov 08)
    - Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
  - Re: MS Outlook alert : Cuartango Active Setup Bronek Kozicki (Nov 09)
- IE4/5 "file://" buffer overflow UNYUN (Nov 08)
  - Re: IE4/5 "file://" buffer overflow Mikael Olsson (Nov 09)
  - (no subject) Ejovi Nuwere (Nov 09)
  - Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Ussr Labs (Nov 09)
  - Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Ussr Labs (Nov 10)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Chuck Phillips (Nov 07)