G6 FTP Server v2.0 Denial of Service
Reported November 17, 1999 by USSRLABS
VERSIONS AFFECTED
  • G6 FTP Server v2.0 (Beta 4 and 5)

DESCRIPTION

UssrLabs reported a denial of service vulnerability in Gene6's G6 FTP Server caused by a buffer overflow condition.

When a user logs into the FTP server using a long user name (2000 chars), the service begins consuming memory and CPU cycles until all resources have been exhausted. This causes the server to stop responding.
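The server-side check that prevents this class of failure, as an added example (not code from the advisory or from Gene6): the length of the received control-channel line is validated before the USER argument is copied or processed. The function name and the two size limits are assumptions chosen for illustration; the reply codes are the RFC 959 ones.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LINE 512 /* assumed cap on one control-channel line */
#define MAX_USER_LEN 64  /* assumed cap on the USER argument */

/* Validate one received control-channel line (not NUL-terminated) and, if it
 * is an acceptable USER command, copy the name into out. Returns the FTP
 * reply code to send: 331 accepted, 500 bad/overlong line, 501 bad argument. */
int parse_user_command(const char *line, size_t len, char *out, size_t out_cap)
{
    static const char verb[] = "USER ";
    size_t end = len, arg_len, i;

    if (out_cap > 0)
        out[0] = '\0';
    /* Length is checked before anything is copied or scanned. */
    if (len == 0 || len > MAX_CMD_LINE || line[len - 1] != '\n')
        return 500;
    end--;                                   /* strip LF */
    if (end > 0 && line[end - 1] == '\r')
        end--;                               /* strip CR */
    if (end < 5)
        return 500;
    for (i = 0; i < 5; i++)                  /* verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return 500;
    arg_len = end - 5;
    if (arg_len == 0 || arg_len > MAX_USER_LEN || arg_len >= out_cap)
        return 501;
    for (i = 0; i < arg_len; i++) {          /* no control bytes or NULs */
        unsigned char c = (unsigned char)line[5 + i];
        if (c < 0x20 || c == 0x7f)
            return 501;
    }
    memcpy(out, line + 5, arg_len);
    out[arg_len] = '\0';
    return 331;
}

int main(void)
{
    char name[MAX_USER_LEN + 1];
    const char sample[] = "USER alice\r\n";  /* constructed sample input */
    int code = parse_user_command(sample, sizeof sample - 1, name, sizeof name);
    printf("%d %s\n", code, name);
    return 0;
}
```

A line carrying a 2000-character user name, as in the report, is rejected with 500 before any byte of it reaches the destination buffer.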

VENDOR RESPONSE

UssrLabs did not notify Gene6 of this problem; however, the vendor has been made aware through other channels.

CREDITS
Discovered by USSRLABS

Posted here at NTSecurity.net on November 17, 1999