BisonWare FTP Server V3.5
Subject to DoS
Reported November 25, 1999 by
USSRLABS
VERSIONS AFFECTED
  • BisonWare FTP Server V3.5

DESCRIPTION

USSRLabs discovered a denial of service condition in BisonWare FTP Server V3.5. The problems are the result of buffer overflow conditions within the program code.

DEMONSTRATION

The problem affects the login sequence. By sending a very long URL user name of 2000 characters the service can be made to crash.

VENDOR RESPONSE

UssrLabs notified BisonWare about this problem, however no response is unknown at this time.

CREDITS
Discovered by USSRLABS