Hyperion FTP server Remote DOS and unauthorised remote access
Date: 2003-04-10

Author : moran zavdi <moraniam@hotmail.com>

DataSEC Advisory http://www.data-sec.com


Application: Hyperion FTP Server
Web Site: http://www.mollensoft.com
Versions: 3.0.0
Platform: Windows
Bug: Buffer Overflow.
Risk: Remote DOS and unauthorised remote access.


1) Introduction
2) Bug
3) The Code
4) Fix

1) Introduction

Hyperion FTP Server is a powerful, reliable FTP server for
Windows95/98/NT/2000, and supports all basic FTP commands,
and much more, such as passive mode.

2) Bug

Buffer overflow in the USER field.
By sending a string of more than 931 chars in the user field,
any remote attacker can cause a DOS and in some cases get
unauthorised remote access to the server.
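
The defensive counterpart to this bug, as an added example (not code from the advisory or from Mollensoft): a handler that measures the USER argument before copying it and rejects oversized input with a 501 reply. The function names, the 64-byte limit and the reply-code choices are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 64 /* assumed policy limit, not a value from the advisory */

/* Hypothetical handler for one received command line. Copies the USER
 * argument into out (capacity out_cap) and returns the FTP reply code:
 * 331 = user name okay, 500 = not a USER command, 501 = bad argument. */
int handle_user(const char *line, size_t len, char *out, size_t out_cap)
{
    static const char verb[] = "USER ";
    size_t i, vlen = sizeof verb - 1;

    if (out_cap == 0) return 501;
    out[0] = '\0';
    if (len < vlen) return 500;
    for (i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;
    line += vlen; len -= vlen;
    /* Drop the trailing CRLF (or bare LF) before measuring the argument. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    /* Length is checked before any copy; oversized input is rejected, not truncated. */
    if (len == 0 || len > MAX_USER_LEN || len >= out_cap) return 501;
    for (i = 0; i < len; i++) /* no control bytes or embedded NULs */
        if ((unsigned char)line[i] < 0x20 || line[i] == 0x7f) return 501;
    memcpy(out, line, len);
    out[len] = '\0';
    return 331;
}

/* Constructed input: "USER " + n filler bytes + CRLF, fed to the handler. */
int reply_for_length(size_t n)
{
    char line[2048], name[MAX_USER_LEN + 1];
    if (n > sizeof line - 7) return -1;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return handle_user(line, 5 + n + 2, name, sizeof name);
}

int main(void)
{
    size_t sizes[] = { 8, MAX_USER_LEN, MAX_USER_LEN + 1, 931, 932 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("USER argument of %zu bytes -> reply %d\n", sizes[i], reply_for_length(sizes[i]));
    return 0;
}
```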

3) The Code

telnet <server> 21

A * 931

connection closed.

server overflow will occur.

4) Fix

Mollensoft have been informed about this issue and released a new
version; however, they did not give it a new version number.
Anyone who is using a version installed before 5/4/03 is advised
to download and install the new version.


Moran Zavdi
Security consultant

