Vulnerability Development mailing list archives
Reflection FTP 7.01 buffer overflow
From: Michel Arboi <arboi () YAHOO COM>
Date: Tue, 13 Feb 2001 11:57:29 -0800
In November 2000, we discovered that Reflection FTP 7.01 server is vulnerable to a buffer overflow on the password. The server checks the length of the username, but entering a too long password makes it crash. We did not check if this is just a DoS or can be exploited.

We e-mailed WRQ Support who answered that the problem was unknown but unfortunately the product was discontinued, so there will be no patch. Information is available at http://support.wrq.com/lifecycle/product_reclass.html

They also mentioned that this product was provided as a personal convenience and should not be used in a production environment. That is a pity, as it had some interesting features (e.g. restricting the source address).