Running under Windows 2000, Faststream FTP++ 2.0, is vulnerable to a denial of service attack. The attack causes all available CPU cycles to be consumed and requires a reboot to remedy.
An attacker may simply connect to port 21 (FTP) and send 4.08K of DATA as the username. It has also been possible to crash the program with a buffer overrun but this result was random and difficult to reproduce.
According to Delphis Consulting, the vendor has been very responsive and has released a patch available from their website, www.fastream.com