Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

Subject: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
From: Ussr Labs (labsUSSRBACK.COM)
Date: Tue Dec 14 1999 - 00:57:08 CST

• Next message: Aleph One: "CERT Advisory CA-99.15 - Buffer Overflows in SSH Daemon and RSAREF2 Library"
• Previous message: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
• Next in thread: Malartre: "Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability"
• Reply: Malartre: "Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability"
• Reply: Jarle Aase: "Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in War FTP Daemon 1.70
the buffer overflow is caused by a Multiples connections at the same time
(over 60) in the ftp server , and some characters in the login name.

There is not much to expand on.... just a simple hole

For the source / binary of this remote / local D.O.S
Go to: http://www.ussrback.com/

Vendor Status:
Contacted.

Vendor Url: http://www.jgaa.com
Program Url: http://www.jgaa.com/warftpd.htm

Credit: USSRLABS

SOLUTION
    Nothing yet.

u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
http://www.ussrback.com

• Next message: Aleph One: "CERT Advisory CA-99.15 - Buffer Overflows in SSH Daemon and RSAREF2 Library"
• Previous message: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
• Next in thread: Malartre: "Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability"
• Reply: Malartre: "Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability"
• Reply: Jarle Aase: "Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Tue Dec 14 1999 - 11:36:35 CST