Date: Fri, 13 Apr 2001 21:13:17 +0200
From: SNS Research <[email protected]>
To: [email protected]Subject: QPC FTPd Directory Traversal and BoF Vulnerabilities
Strumpf Noir Society Advisories
! Public release !
<--#
-= QPC FTPd Directory Traversal and BoF Vulnerabilities =-
Release date: Saturday, April 14, 2001
Introduction:
QPC's ftpd is the ftp server component of the company's QVT/NET
and QVT/Term software suites for MS Windows.
The ftpd and the rest of the QVT/Net and QVT/Term product lines
is available from vendor QPC's website: http://www.qpc.com
Problem(s):
Directory Traversal Vulnerability
The ftpd daemon that ships with above mentioned packages is
vulnerable to a directory traversal problem. Adding '../'
(''s excluded) to a listing request ('ls') any user can gain
read access to other directories than his/her own.
Remote Buffer Overflow Vulnerability
The ftpd daemon that ships with mentioned packages contains an
unchecked buffer in the logon function. When a username or
password of 655 bytes or more gets fed to the server the buffer
will overflow and will trigger an access violation, after which
the server dies.
(..)
Solution:
Vendor QPC was notified but has yet to respond.
This was tested against QVT/Net Ftpd 4.3, coming with the
QVT/Net 5.0 and QVT/Term 5.0 suites, running on MS Win2k.
yadayadayada
Free sk8! (http://www.freesk8.org)
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
