Bugtraq mailing list archives

Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 10 Nov 1999 04:09:23 -0300


Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server,
the buffer overflow is caused by a long user name / password,  2000
characters,
and the re-connection to the Ftp Server.

There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/qvtfs42/

For the source / binary of this remote / local D.O.S

Vendor Status:
Not Contacted

Vendor   Url: http://www.qpc.com
Program Url:http://www.qpc.com

Credit: USSRLABS

SOLUTION
    Nothing yet.

Current thread:

networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords), (continued)
- - - networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
    - [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
    - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
  - Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability Ussr Labs (Nov 08)
  - FreeBSD 3.3's seyon vulnerability Brock Tellier (Nov 08)
    - Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
  - Re: MS Outlook alert : Cuartango Active Setup Bronek Kozicki (Nov 09)
- IE4/5 "file://" buffer overflow UNYUN (Nov 08)
  - Re: IE4/5 "file://" buffer overflow Mikael Olsson (Nov 09)
  - (no subject) Ejovi Nuwere (Nov 09)
  - Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Ussr Labs (Nov 09)
  - Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Ussr Labs (Nov 10)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Chuck Phillips (Nov 07)