COMMAND

    OOB to ftp

SYSTEMS AFFECTED

    Win 3.x, Win95 (possibly Win NT)

PROBLEM

    Efrain Torres Mejia posted following about possible DOS attack  on
    ftp server running on PC (Win).  Anybody from outside can shutdown
    your pc ftp  server.  And  if u are  under win3.1 the  system will
    crash.

    Tested program  was WinQVT/NET  (all versions..  16 and  32 bits).
    Exploit is quite easy.  Just Send a OOB (Out of Band) to port  21.
    Any winnuke will help.  Just change from port 139 to 21.

    This  could  be  a  DOS/Win  problem  in general, and might not be
    specific to the WinQVT package.

SOLUTION

    Don't  use  it  or  upgrade.   A  patched  version of NT 4.0 isn't
    vulnerable to this running MS's FTP server.