Preface: FTP password overflowLogo -Internet Security Systems

FTP password overflow
advICE :Intrusions : 2001307
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Buffer overflow attempt.

Details

A very long user name, password, or file name often signals an intentional effort to overflow a buffer on a server. By constructing the data in a particular way, the intruder may be able to execute his own code on the attacked system.

 more information
CERT: CA-99-03-FTP-Buffer-Overflows  
 
advICE: Buffer overflows  
More about this general class of attacks, which is the root cause of many attacks on the Internet.  
advICE: FTP defense  
How to harden an FTP server against Internet attacks.  
advICE: FTP exploits  
A list of common ways that intruders break into FTP servers.  
BugtraqID: 1582   OS/2 4.5 FTP Server Login DoS Vulnerability
 
BugtraqID: 796   QPC QVT Suite FTP Server DoS Vulnerability
If the combined username and password are greater than 2000 characters, then a buffer overflow occurs.  

 parametric information
lengthThe length of the password; if it is longer than a few hundred characters, then it may be a buffer overflow attempt.

 configuration for this item
login.maxpass100The maximum length of a password.

 
Version appeared:
Privacy Policy |  Copyright Info