Home page logo
/

bugtraq logo Bugtraq mailing list archives

(BisonWare FTP Server V3.5 Roses Labs Security Advisory) is a old reported thing
From: labs () USSRBACK COM (Ussr Labs)
Date: Tue, 7 Mar 2000 04:27:40 -0300


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
- --------------------------------------------
                Roses Labs Security Advisory
                ----------------------------

  Author: Conde Vampiro
  Roses Labs Advisory Code: RLA002
  Date: 2/29/2000.
  Software: BisonWare FTP Server V3.5
  Platform: Windows 9x/NT.
  Risk: Remote buffer overflow, that allow
  to crash the FTP Server. (Maybe also be
  possible to execute arbitrary code.)

  ------------
  Introduction
  ------------

        Bison FTP Server is a FTP server that
  runs on windows platforms. An intruder can launch
  an attack that will crash the FTP server.

  ------
  Detail
  ------

        Sending a "LOGIN" & "PASSWORD" of 550 characters
  each, will crash the FTP Server. This is the error that
  the FTP will produce:

  "Exception EAccessViolation in module BISONFTP.EXE at
   0A0D4858. Access vilation at address 0A0D5858. Read of
   address 0A0D5858."

  ----
  Code
  ----

        Warning: Neither the Roses Labs or the author accept
  any responsibility of the use of this code. This code will
  crash the FTP server.

  ---   
  Fix
  ---

        This problem is fixed in V4.1 out soon.

  ----
  Note  
  ----

        This bug was found using Cyber Host
  Auditor (CHA). CHA is a security tool coded by
  The Roses Labs to discover in a easy way DoS &
  possible buffer overflows.

  Roses Labs / w00w00
  http://www.roses-labs.com
  Advanced Security Research.

- ----------------------------------------------------------------------
- --------------------------------------------

Ussr labs Release the Advisory the day 25/11/1999 reporting the
BisonWare FTP Server V3.5 problem, i dont know why
but is never posted in bugtraq. (we send the message).

"Your message dated Wed, 24 Nov  1999 22:55:02 -0300 with subject
"Remote DoS
Attack in BisonWare FTP Server V3.5 Vulnerability" has been submitted
to the
moderator of the BUGTRAQ list: Elias Levy
<aleph1 () SECURITYFOCUS COM>."

but nobody post it in bugtraq.

http://www.ntsecurity.net/scripts/win2ks-l.asp?A2=IND9911D&L=WIN2KSECA
DVICE&F=&S=&P=1327
Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability
Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability (44
lines)
From: Ussr Labs <labs () USSRBACK COM>
Date: Wed, 24 Nov 1999 22:52:41 -0300

http://www.ntsecurity.net/scripts/win2ks-l.asp?A2=IND9911D&L=WIN2KSECA
DVICE&F=&S=&P=1541
SV: Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability
SV: Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability (69
lines)
From: Arne Vidstrom <winnt () BAHNHOF SE>
Date: Thu, 25 Nov 1999 23:50:44 +0100

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c
h
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOMSvbNybEYfHhkiVEQJWNACgpocEeWJy5jLKYyJiimyC4+mKZhYAoLwU
v6dek/h+bVYxBu2QwXB6TWC8
=nTbQ
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]