Vermillion FTPD Long CWD Commands DoS

1999-11-22T13:07:57
ID OSVDB:9834
Type osvdb
Reporter OSVDB
Modified 1999-11-22T13:07:57

Description

Vulnerability Description

A remote buffer overflow exists in Vermillion FTPD. The daemon fails to perform proper bounds checking, resulting in a buffer overflow. By sending an overly long CWD command containing 504 or more characters three times in a row, a remote attacker can crash the daemon, resulting in a loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
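
With no fix available, one way to spot the pattern described above is to scan FTP command logs for it. The following is an added example, not part of the original advisory or any vendor tooling; the log format (client address, a space, then the raw FTP command), the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

CWD_LIMIT = 504    # argument length stated in the advisory
REPEAT_LIMIT = 3   # consecutive oversized CWD commands stated in the advisory


def parse_line(line):
    """Split an assumed log line '<client> <raw FTP command>' into its parts."""
    client, _, raw = line.rstrip("\r\n").partition(" ")
    verb, _, arg = raw.partition(" ")
    return client, verb.upper(), arg


def find_long_cwd_runs(lines, cwd_limit=CWD_LIMIT, repeat_limit=REPEAT_LIMIT):
    """Return {client: longest streak} for clients that sent at least
    repeat_limit oversized CWD commands in a row."""
    streak = defaultdict(int)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        client, verb, arg = parse_line(line)
        if verb == "CWD" and len(arg) >= cwd_limit:
            streak[client] += 1
            if streak[client] >= repeat_limit:
                flagged[client] = max(flagged.get(client, 0), streak[client])
        else:
            # Any other command from the same client breaks the run.
            streak[client] = 0
    return flagged


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "192.0.2.10 USER anonymous",
    "192.0.2.10 CWD /pub",
    "198.51.100.7 USER anonymous",
    "198.51.100.7 CWD " + "A" * 504,
    "198.51.100.7 cwd " + "A" * 504,
    "192.0.2.10 CWD " + "B" * 600,   # one oversized CWD, then a normal command
    "192.0.2.10 NOOP",
    "198.51.100.7 CWD " + "A" * 510,
]

if __name__ == "__main__":
    for client, count in find_long_cwd_runs(SAMPLE_LOG).items():
        print(f"{client}: {count} consecutive CWD commands with >= {CWD_LIMIT} characters")
```

The same two thresholds can be enforced at an FTP-aware proxy or filter placed in front of the daemon, rejecting CWD arguments of that length before they reach it.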

References:

Vendor URL: http://www.arcanesoft.com/
Other Advisory URL: http://www.ussrback.com/labs14.html
ISS X-Force ID: 3543
CVE-1999-1058
Bugtraq ID: 818