COMMAND

    Vermillion FTP Daemon

SYSTEMS AFFECTED

    VFTPD 1.23

PROBLEM

    UssrLabs found a local/remote DoS attack in Vermillion FTP  Daemon
    (VFTPD) v1.23.  The buffer overflow is triggered by sending a long
    CWD command (504 characters) three times.  Example:

        [gimmemore@itsme]$ telnet example.com 21
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        220 itsme FTP Server (vftpd 1.23) ready.
        USER itsme
        PASS ******
        CWD (buffer)
        CWD (buffer)
        CWD (buffer)

    Overflow.

SOLUTION

    Vendor has been contacted.
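
    Until a fix is available, the pattern in the session above can be
    watched for in FTP command logs.  The following is an added example,
    not part of the original advisory or of VFTPD: the log line format,
    the 255-character limit and the sample lines are all constructed
    assumptions.

```python
import re
from collections import defaultdict

# Assumed policy limit for a CWD argument; set it to the longest legitimate path.
MAX_CWD_ARG = 255

# Constructed log format (assumption): "<session-id> <client-ip> <raw FTP command>"
LINE_RE = re.compile(
    r"^(?P<sid>\S+)\s+(?P<ip>\S+)\s+(?P<verb>[A-Za-z]{3,4})(?: (?P<arg>.*))?$"
)


def long_cwd_events(lines, max_arg=MAX_CWD_ARG):
    """Return {session_id: [lengths of CWD arguments longer than max_arg]}."""
    hits = defaultdict(list)
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        # FTP verbs are case-insensitive; XCWD is the RFC 775 alias of CWD.
        if not m or m.group("verb").upper() not in ("CWD", "XCWD"):
            continue
        arg = m.group("arg") or ""
        if len(arg) > max_arg:
            hits[m.group("sid")].append(len(arg))
    return dict(hits)


def sessions_to_alert(lines, max_arg=MAX_CWD_ARG, repeats=3):
    """Sessions that sent at least `repeats` over-long CWD commands."""
    events = long_cwd_events(lines, max_arg)
    return sorted(sid for sid, lens in events.items() if len(lens) >= repeats)


# Constructed sample log: s1 mirrors the advisory's session (three CWDs of
# 504 characters), s2 is a client with one over-long path, s3 is ordinary use.
SAMPLE_LOG = [
    "s1 192.0.2.10 USER itsme",
    "s1 192.0.2.10 CWD " + "A" * 504,
    "s1 192.0.2.10 CWD " + "A" * 504,
    "s1 192.0.2.10 CWD " + "A" * 504,
    "s2 198.51.100.7 USER anonymous",
    "s2 198.51.100.7 cwd " + "B" * 300,
    "s2 198.51.100.7 CWD pub/incoming",
    "s3 203.0.113.5 CWD /pub",
    "s3 203.0.113.5 QUIT",
]

if __name__ == "__main__":
    print("over-long CWD events:", long_cwd_events(SAMPLE_LOG))
    print("alert on sessions:", sessions_to_alert(SAMPLE_LOG))
```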