Fastream FTP++ 2.0, running under Windows 2000, is vulnerable to a denial of service attack. The attack causes all available CPU cycles to be consumed and requires a reboot to remedy.

DEMONSTRATION

An attacker may simply connect to port 21 (FTP) and send 4.08K of data as the username. It has also been possible to crash the program with a buffer overrun, but this result was random and difficult to reproduce.

VENDOR RESPONSE

According to Delphis Consulting, the vendor has been very responsive and has released a patch, available from their website, www.fastream.com
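The server-side control that makes an oversized USER argument harmless is a hard cap on control-channel line length, enforced before any parsing. The C sketch below is an added example, not Fastream's code or its patch; the 512-byte cap and all names in it are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_MAX_LINE 512 /* assumed cap for this example, not from the advisory */

enum ftp_status { FTP_NEED_MORE, FTP_LINE_READY, FTP_LINE_TOO_LONG };

struct ftp_linebuf {
    char   buf[FTP_MAX_LINE + 1]; /* fixed storage, +1 for the terminator */
    size_t len;
    int    overflow;              /* sticky until ftp_linebuf_init() */
};

void ftp_linebuf_init(struct ftp_linebuf *lb) { lb->len = 0; lb->overflow = 0; }

/* Feed received bytes. Stops at the first complete line or at the cap;
 * *used reports how many bytes of data were consumed. */
enum ftp_status ftp_feed(struct ftp_linebuf *lb, const char *data, size_t n, size_t *used)
{
    size_t i;
    for (i = 0; i < n && !lb->overflow; i++) {
        if (data[i] == '\n') {
            if (lb->len > 0 && lb->buf[lb->len - 1] == '\r') lb->len--; /* strip CR */
            lb->buf[lb->len] = '\0';  /* complete command is now in lb->buf */
            lb->len = 0;
            *used = i + 1;
            return FTP_LINE_READY;
        }
        /* Cap reached with no newline: stop copying and stop scanning. */
        if (lb->len >= FTP_MAX_LINE) { lb->overflow = 1; break; }
        lb->buf[lb->len++] = data[i];
    }
    *used = i;
    return lb->overflow ? FTP_LINE_TOO_LONG : FTP_NEED_MORE;
}

int main(void)
{
    static char big[5 + 4178 + 2]; /* constructed input: "USER " + ~4.08K of 'A' + CRLF */
    struct ftp_linebuf lb;
    size_t used;
    memcpy(big, "USER ", 5); memset(big + 5, 'A', 4178); memcpy(big + 4183, "\r\n", 2);
    ftp_linebuf_init(&lb);
    if (ftp_feed(&lb, big, sizeof big, &used) == FTP_LINE_TOO_LONG)
        puts("500 Command line too long; closing connection");
    return 0;
}
```

On FTP_LINE_TOO_LONG the caller is expected to send an error reply and close the connection, so the per-connection work stays bounded by the cap regardless of how much the client sends.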