COMMAND

    QPC FTPd

SYSTEMS AFFECTED

    QPC FTPd

PROBLEM

    The following is based on a Strumpf Noir Society advisory. QPC's
    ftpd is the FTP server component of the company's QVT/NET and
    QVT/Term software suites for MS Windows.

    The ftpd daemon that ships with the above-mentioned packages is
    vulnerable to a directory traversal problem. By adding '../'
    (quotes excluded) to a listing request ('ls'), any user can gain
    read access to directories other than his/her own.

    The ftpd daemon that ships with the mentioned packages also
    contains an unchecked buffer in the logon function. When a
    username or password of 655 bytes or more is fed to the server,
    the buffer overflows and triggers an access violation, after
    which the server dies.

    This was tested against QVT/Net Ftpd 4.3, which comes with the
    QVT/Net 5.0 and QVT/Term 5.0 suites, running on MS Win2k.

SOLUTION

    Vendor QPC was notified but has yet to respond.
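
    The two checks described as missing under PROBLEM, shown as an
    added defensive example in C; it is not QPC's code and not part
    of the original advisory. The function names, the buffer sizes
    and the lexical normalisation are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Copy a USER or PASS argument into a fixed buffer; reject it instead of overflowing. */
int copy_credential(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen)
        return -1;                 /* too long: caller sends an error reply */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Normalise a client-supplied listing path relative to the user's root.
 * Writes the canonical virtual path ("/", "/pub/docs", ...) to out.
 * Returns -1 if a ".." component would climb above the root, if a
 * component names a drive, or if the result does not fit. */
int resolve_list_path(const char *arg, char *out, size_t outlen)
{
    size_t len = 0;
    if (outlen < 2)
        return -1;
    while (*arg) {
        size_t n = strcspn(arg, "/\\");   /* on Windows '\' separates too */
        if (memchr(arg, ':', n))
            return -1;                    /* drive letter or stream name */
        if (n == 2 && arg[0] == '.' && arg[1] == '.') {
            if (len == 0)
                return -1;                /* would leave the user's root */
            while (len > 0 && out[--len] != '/')
                ;                         /* pop the last component */
        } else if (n > 0 && !(n == 1 && arg[0] == '.')) {
            if (len + 1 + n >= outlen)
                return -1;
            out[len++] = '/';
            memcpy(out + len, arg, n);
            len += n;
        }
        arg += n;
        if (*arg)
            arg++;                        /* skip the separator */
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}
```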