Bugtraq mailing list archives
Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 17 Nov 1999 03:22:09 -0300
Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability PROBLEM UssrLabs found a Local/Remote DoS Attack in G6 FTP Server v2.0 (beta 4/5), the buffer overflow is caused by a long user name, 2000 characters. the G6FTP start to do infinites loops in the main program,and start eating all memory and all computer resource CPU 100%, at the moment of no more memory, if this happend ALL System is down :( Example: [[gimmemore@itsme]$ telnet example.com 21 Trying example.com... Connected to example.com. Escape character is '^]'. 220-G6 FTP Server v2.0 (beta 5) ready ... USER {buffer) Binary/Source for this D.O.S: http://www.ussrback.com/g6ftp/ Where buffer is 2000 characters. Vendor Status: Not Contacted Vendor Url: http://www.gene6.com/ Program Url: http://www.gene6.com/g6ftpd/download.html Credit: USSRLABS SOLUTION Nothing yet. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://WWW.USSRBACK.COM
Current thread:
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7), (continued)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Szilveszter Adam (Nov 14)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Brian Fundakowski Feldman (Nov 14)
- BIND 8.2.2-P5 release announcement Roger Fajman (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Oystein Viggen (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Daniel Jacobowitz (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Jochen Bauer (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Nick Craig-Wood (Nov 18)
- ProFTPd - mod_sqlpw.c Todd C. Campbell (Nov 19)
- Pandora v4 Beta 2 Software Simple Nomad (Nov 19)
- Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Ussr Labs (Nov 16)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Seth R Arnold (Nov 17)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Marc (Nov 17)
- SuSE Security Announcement - syslogd (a1) Thomas Biege (Nov 18)
- local users can panic linux kernel (was: SuSE syslogd advisory) Mixter (Nov 18)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Alan Cox (Nov 19)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Savochkin Andrey Vladimirovich (Nov 20)
- ANN: Bruce v1.0 Early Access 1 - Available for downloa Alec Muffett (Nov 22)
- Re: local users can panic linux kernel (was: SuSE syslogd Alan Cox (Nov 22)
- Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 23)
- Re: local users can panic linux kernel (was: SuSE syslogd Darren Reed (Nov 23)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)