COMMAND

    Broker FTP Server

SYSTEMS AFFECTED

    TransSoft's Broker FTP Server 3.x & 4.x

PROBLEM

    The USSR Team has found a buffer overflow in the Broker FTP
    Server, which can enable an attacker to execute a denial of
    service attack against it. If the FTP server is running as a
    service, an attacker can cause the server to consume _all_ memory
    and computer resources by inputting a username that is 6000
    characters or greater.

    Example:

        [pic@peludita]$ telnet example.com 21
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        220 FTP Server ready [***]
        [buffer]

    Where [buffer] is approx. 6000 characters.
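
    A defensive check for the condition described above, as an added
    example that is not part of the original advisory: a monitor for the
    client-to-server side of an FTP control connection that flags any
    command line longer than a limit, including one that never ends in
    CRLF. The 512-byte limit and the class and field names are assumptions.

```python
# Added example, not from the advisory: bounded monitor for FTP command lines.
MAX_LINE = 512   # assumed policy limit per command line (the advisory cites ~6000)
HEAD = 8         # bytes of each line kept for reporting the verb


class ControlChannelMonitor:
    """Scans client-to-server bytes of one FTP control connection.

    Keeps only a byte counter and the first HEAD bytes of the current line,
    so the monitor's own memory use stays constant however long a line gets.
    """

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.alerts = []          # (verb, bytes_seen, terminated) tuples
        self._reset()

    def _reset(self):
        self.length = 0           # bytes seen in the current line
        self.head = b""           # first HEAD bytes of the current line
        self.tripped = False      # current line has already raised an alert

    def feed(self, data: bytes):
        """Consume one chunk as read from the socket; return new alerts."""
        new = []
        parts = data.split(b"\n")
        for i, part in enumerate(parts):
            terminated = i < len(parts) - 1      # a "\n" followed this part
            self.length += len(part) + (1 if terminated else 0)
            if len(self.head) < HEAD:
                self.head += part[:HEAD - len(self.head)]
            if self.length > self.max_line and not self.tripped:
                # Fires on partial lines too: a client that never sends
                # CRLF is flagged as soon as it passes the limit.
                self.tripped = True
                words = self.head.split()
                verb = words[0].decode("ascii", "replace").upper() if words else ""
                new.append((verb, self.length, terminated))
            if terminated:
                self._reset()
        self.alerts.extend(new)
        return new
```

    Each alert carries the first word of the line, the number of bytes
    seen when the limit was crossed, and whether the line was terminated.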

SOLUTION

    All releases of Broker FTP Server prior to 4.3.0.1 are affected.
    The problem is fixed in versions 4.3.0.1 and up.