Bugtraq mailing list archives
Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Mon, 22 Nov 1999 10:08:39 -0300
Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability PROBLEM UssrLabs found a Local/Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23, The buffer overflow is caused by a 3 times long cwd, 504 characters, Example: [[gimmemore@itsme]$ telnet example.com 21 Trying example.com... Connected to example.com. Escape character is '^]'. 220 itsme FTP Server (vftpd 1.23) ready. USER itsme PASS ****** CWD (buffer) CWD (buffer) CWD (buffer) Overflow. For the source / binary of this remote / local D.O.S Vendor Status: Contacted vendor: ARCANE SOFTWARE Vendor Url: http://www.arcanesoft.com/ Program Url: http://www.arcanesoft.com/files/vftpd123.exe Credit: USSRLABS SOLUTION Nothing yet. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://www.ussrback.com
Current thread:
- Jet Vulnerability affect Office 95 users (fwd), (continued)
- Jet Vulnerability affect Office 95 users (fwd) ah1 () SECURITYFOCUS COM (Nov 17)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Ronan Waide (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password Blake Frantz (Nov 17)
- Remote DoS attack against Microsoft SQL Server 7.0 Kevork Belian (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password elfchief () LUPINE ORG (Nov 18)
- Potential vulnerability in Oracle Mary Ann Davidson (Nov 18)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webservergives Administrator Password] Dennis W. Mattison (Nov 18)
- buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Tobias Haustein (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Brian (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Pat Hayden (Nov 20)
- Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Ussr Labs (Nov 22)