| Vermillion FTP Server Subject to DoS |
Reported November 22, 1999 by USSRLABS
USSRLabs discovered a denial of service condition in Vermillion FTP Daemon (VFTPD) v1.23 caused by a buffer overflow condition in the CWD command.
By send a CWD command three times in a row with a command buffer of exactly 504 characters, the server can be made to crash.
Where buffer is 504 characters.
UssrLabs notified Arcane Software about this problem, however no response is unknown at this time.
Discovered by USSRLABS
Posted here at NTSecurity.net on November 22, 1999