Reported September 12, 2000 by Delphis Consulting

VERSIONS AFFECTED
  • Fastream FTP++ 2

DESCRIPTION

Running under Windows 2000, Fastream FTP++ 2.0 is vulnerable to a denial of service attack.  The attack causes all available CPU cycles to be consumed and requires a reboot to remedy.

DEMONSTRATION

An attacker may simply connect to port 21 (FTP) and send 4.08K of DATA as the username.  It has also been possible to crash the program with a buffer overrun, but this result was random and difficult to reproduce.
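A bounded check on the USER line of the kind that rejects such input before it reaches any fixed-size buffer, as an added example (not Fastream's code and not part of the original advisory). The 512-byte line cap, the 64-byte username cap and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

/* Assumed limits for this example; the advisory does not give any. */
#define MAX_CMD_LINE 512 /* longest control-channel line accepted */
#define MAX_USERNAME 64  /* longest USER argument accepted */

/* Validate one buffered line expected to be USER; returns the FTP reply code:
 * 331 accepted (name copied to out), 500 over the cap, unterminated or not
 * USER, 501 empty, oversized or non-printable argument. */
int handle_user_line(const char *buf, size_t len, char *out, size_t outsz)
{
    static const char verb[] = "USER ";
    size_t vlen = sizeof verb - 1, line_len, arg_len, i;
    const char *eol = memchr(buf, '\n', len < MAX_CMD_LINE ? len : MAX_CMD_LINE);

    if (eol == NULL)
        return 500;               /* no terminator inside the cap */
    line_len = (size_t)(eol - buf);
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;               /* accept CRLF or bare LF */
    for (i = 0; i < vlen; i++)    /* command verbs are case-insensitive */
        if (i >= line_len || toupper((unsigned char)buf[i]) != verb[i])
            return 500;
    arg_len = line_len - vlen;
    if (arg_len == 0 || arg_len > MAX_USERNAME || arg_len >= outsz)
        return 501;
    for (i = 0; i < arg_len; i++) /* printable ASCII only: no NUL or control bytes */
        if (!isprint((unsigned char)buf[vlen + i]))
            return 501;
    memcpy(out, buf + vlen, arg_len);
    out[arg_len] = '\0';
    return 331;
}

/* Constructed input: "USER " + n filler bytes + CRLF, run through the check. */
int reply_for_name_of_length(size_t n)
{
    static char line[8192];
    char out[MAX_USERNAME + 1];

    if (n + 7 > sizeof line)
        return -1;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return handle_user_line(line, n + 7, out, sizeof out);
}
```

The receive loop that feeds `handle_user_line` should stop accumulating at `MAX_CMD_LINE` bytes and close or resynchronise the session on a 500, so an unterminated stream cannot keep the server busy.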

VENDOR RESPONSE

According to Delphis Consulting, the vendor has been very responsive and has released a patch, available from their website, www.fastream.com.

CREDIT
Discovered by Delphis Consulting