COMMAND

    Reflection FTP

SYSTEMS AFFECTED

    Reflection FTP 7.01

PROBLEM

    Michel Arboi  found following.   In November  2000, he  discovered
    that Reflection FTP 7.01 server is vulnerable to a buffer overflow
    on the password.   The server checks  the length of  the username,
    but entering  a too  long password  makes it  crash.   Michael did
    not check if this is just a DoS or can be exploited.

SOLUTION

    He e-mailed WRQ Support who answered that the problem was  unknown
    but unfortunately the product  was discontinued, so there  will be
    no patch.  Information is available at

        http://support.wrq.com/lifecycle/product_reclass.html

    They also mentionned that this product was provided as a  personal
    convenience and should not be used in a production environment.