Enceladus Server Suite 3.9.11

Release Date:
-------------
June 15, 2003

Severity:
---------
High (remote crash / code execution)

Systems Affected:
-----------------
Enceladus Server Suite 3.9.11 (possibly all older versions are vulnerable)


Description:
------------
Enceladus Server Suite is a package that contains a web server and an FTP server. Many buffer
overflows were found in the FTP server that allow an attacker to crash the FTP server or execute
arbitrary code.


Exploit code:
-------------

Connecting to the FTP server and sending a CWD or STAT command with a long argument makes the FTP server stop responding.

CWD A * 280

Stat A * 340

After this command is sent, even the HTTP server will crash :)
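
Added example (not part of the original advisory and not Enceladus code): a bounds-checked FTP command-line parser in C, showing the kind of length check that stops over-long CWD and STAT arguments like the ones above from overrunning a fixed buffer. The 255-byte argument limit, the names ftp_parse_line and struct ftp_cmd, and the use of the 500/501 reply codes as return values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_VERB_MAX 4    /* FTP verbs are three or four letters */
#define FTP_ARG_MAX  255  /* assumed limit; size it to the server's real buffers */
enum ftp_parse { FTP_OK = 0, FTP_BAD_VERB = 500, FTP_ARG_TOO_LONG = 501 };

struct ftp_cmd {
    char verb[FTP_VERB_MAX + 1];  /* upper-cased, NUL-terminated */
    char arg[FTP_ARG_MAX + 1];    /* NUL-terminated, may be empty */
};

/* Parse one control-channel line of len bytes. Lengths are checked before any
 * copy, so an over-long argument is refused instead of overrunning out->arg. */
enum ftp_parse ftp_parse_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, start, alen;
    memset(out, 0, sizeof *out);
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                /* drop trailing CRLF */
    while (vlen < len && line[vlen] != ' ')
        vlen++;                               /* verb ends at the first space */
    if (vlen < 3 || vlen > FTP_VERB_MAX)
        return FTP_BAD_VERB;
    for (size_t k = 0; k < vlen; k++) {
        if (!isalpha((unsigned char)line[k]))
            return FTP_BAD_VERB;
        out->verb[k] = (char)toupper((unsigned char)line[k]);
    }
    start = vlen;
    while (start < len && line[start] == ' ')
        start++;                              /* skip the separator */
    alen = len - start;
    if (alen > FTP_ARG_MAX || memchr(line + start, '\0', alen) != NULL)
        return FTP_ARG_TOO_LONG;              /* caller replies 501; nothing is copied */
    memcpy(out->arg, line + start, alen);
    return FTP_OK;
}

int main(void)
{
    char line[512] = "Stat ";                 /* constructed sample input */
    struct ftp_cmd cmd;
    memset(line + 5, 'A', 340);               /* 340-byte argument, as in the advisory */
    printf("%d\n", ftp_parse_line(line, 5 + 340, &cmd));       /* 501 */
    printf("%d\n", ftp_parse_line("CWD /pub\r\n", 10, &cmd));  /* 0 */
    return 0;
}
```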






Credit:
-------
Dr_insane


Feedback:
---------
Please send comments to:

dr_insane@pathfinder.gr
http://members.lycos.co.uk/r34ct/