QVT/Term Plus 4.2d FTP Denial of Service
Reported November 10, 1999 by USSRLABS
VERSIONS AFFECTED
  • QPC's QVT/Term Plus 4.2d

DESCRIPTION

UssrLabs reported a problem in QPC's QVT/Term Plus 4.2d FTP Server, where a buffer overflow condition can allow a remote user to initiate a denial of service attack against the software.

DEMONSTRATION CODE

When a remote user connects to the software and sends a username and password of 2000 characters, the server suffers a buffer overrun and crashes.
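
The crash described above is what happens when a login argument of arbitrary size is copied into a fixed buffer. As an added example (not QPC's code and not part of the advisory), the following bounded parser validates the length of a USER/PASS argument before copying anything; the function name and the 64-byte limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_ARG_MAX 64  /* assumed policy limit for USER/PASS arguments */

/* Values mirror the RFC 959 reply the server would send back. */
enum ftp_parse { FTP_OK = 0, FTP_BAD_CMD = 500, FTP_TOO_LONG = 501 };

/*
 * Extract the argument of "USER <arg>" or "PASS <arg>" into out.
 * line/len are raw socket bytes: not NUL-terminated, CRLF optional.
 * Length is validated before anything is copied, so out is never
 * written on failure.
 */
enum ftp_parse ftp_parse_login_arg(const char *line, size_t len,
                                   char *out, size_t out_size)
{
    char verb[4];
    size_t i, arg_len;

    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                              /* strip line terminator */
    if (len < 5 || line[4] != ' ')
        return FTP_BAD_CMD;
    for (i = 0; i < 4; i++)                 /* FTP verbs are case-insensitive */
        verb[i] = (char)toupper((unsigned char)line[i]);
    if (memcmp(verb, "USER", 4) != 0 && memcmp(verb, "PASS", 4) != 0)
        return FTP_BAD_CMD;

    arg_len = len - 5;
    if (arg_len > FTP_ARG_MAX || arg_len >= out_size)
        return FTP_TOO_LONG;                /* reject, do not truncate */
    memcpy(out, line + 5, arg_len);
    out[arg_len] = '\0';
    return FTP_OK;
}

int main(void)
{
    char out[FTP_ARG_MAX + 1], big[5 + 2000]; /* constructed sample input */
    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 2000);
    printf("2000-char USER -> %d\n",
           (int)ftp_parse_login_arg(big, sizeof big, out, sizeof out));
    printf("normal USER    -> %d\n",
           (int)ftp_parse_login_arg("USER alice\r\n", 12, out, sizeof out));
    return 0;
}
```

Rejecting the oversized argument with a 501 reply, rather than truncating it, keeps the session alive and gives operators a distinct event to log.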

VENDOR RESPONSE

UssrLabs did not notify QPC of this problem; however, the vendor has been made aware through other channels.

CREDITS
Discovered by USSRLABS

Posted here at NTSecurity.net on November 14, 1999