Plus 4.2d FTP Denial of Service
Reported November 10, 1999 by USSRLABS
UssrLabs reported a problem in QPC"s QVT/Term Plus 4.2d FTP Server, where a buffer overflow condition can allow a remote user to intiate a denial of service attack against the software.
When a remote user connects to the software and sends a username and password of 2000 characters, the server suffers a buffer overrun and crashes.
UssrLabs did not notify QPC of this problem, however the vendor has been made aware through other channels.
Discovered by USSRLABS
Posted here at NTSecurity.net on November 14, 1999