Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in BisonWare FTP Server V3.5,
the buffer overflow is caused by a long user name,  2000 characters,

There is not much to expand on.... just a simple hole

Example:

Go to: http://www.ussrback.com/biftps35/

For the source / binary of this remote / local D.O.S

Vendor Status:
Contacted.

Vendor   Url: http://ourworld.compuserve.com/homepages/nick_barnes/
Program Url:
http://ourworld.compuserve.com/homepages/nick_barnes/ftpserve.htm

Credit: USSRLABS

SOLUTION
    Nothing yet.


u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com