Bugtraq mailing list archives

Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Tue, 14 Dec 1999 03:57:08 -0300


Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in War FTP Daemon 1.70
the buffer overflow is caused by a Multiples connections at the same time
(over 60) in the ftp server , and some characters in the login name.

There is not much to expand on.... just a simple hole

For the source / binary of this remote / local D.O.S
Go to: http://www.ussrback.com/

Vendor Status:
Contacted.

Vendor   Url: http://www.jgaa.com
Program Url: http://www.jgaa.com/warftpd.htm

Credit: USSRLABS

SOLUTION
    Nothing yet.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

Current thread:

Big problem on 2.0.x? Eduardo Cruz (Dec 09)
- Re: Big problem on 2.0.x? Hugo.van.der.Kooij () CAIW NL (Dec 10)
- Re: Big problem on 2.0.x? Mike Ireton (Dec 10)
- <Possible follow-ups>
- Re: Big problem on 2.0.x? Stephen White (Dec 11)
  - Privacy hole in Go Express Search Alfred Huger (Dec 13)
  - Re: Big problem on 2.0.x? Jason Mills (Dec 13)
    - [patch] Re: Big problem on 2.0.x? Andrea Arcangeli (Dec 14)
  - Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 13)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Malartre (Dec 14)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 14)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Federico - Comnet S.A. (Dec 15)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70Vulnerability ussr secure (Dec 16)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Tim (Dec 15)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 15)
    - CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind Elias Levy (Dec 14)
    - Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Jarle Aase (Dec 16)
  - sshd1 allows unencrypted sessions regardless of server policy Markus Friedl (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Michael H. Warfield (Dec 14)

(Thread continues...)