QPC Software QVT Term 4.3/QVT/Net 4.3 Suite FTP Server - Denial of Service

EDB-ID:

19619


Author:

Ussr Labs

Type:

dos


Platform:

Windows

Date:

1999-11-10


source: https://www.securityfocus.com/bid/796/info

The FTP server that ships with QPC's QVT line of products is vulnerable to a denial of service attack. The FTP server has an unchecked buffer in the logon function. If a username/password pair is specified that is longer than 2000 characters combined, the server will drop the connection with an 'authentication failed' message. The next time someone tries to connect, the server will crash. 

19619-2.exe - binary
19619-1.zip - source 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19619-1.zip

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19619-2.exe