Shadow Op Dragon Server Multiple DoS Vulnerabilities

Two denial of service vulnerabilities exist in the Dragon Server package, versions 1.00 and 2.00, from Shadow Ops Software. By supplying large arguments to two different network services, it is possible to cause these services to be innaccessible.

By sending a USER command to the ftp server, and placing a buffer of approximately 16,500 characters as the argument to the command, it is possible to crash the ftp service.

By sending a buffer of approximately 16,500 characters to the telnet server in place of a user name, it is also possible to crash this service.

These both appear to be due to insufficient bounds checking.


Privacy Statement
Copyright 2010, SecurityFocus