NGC Active FTPServer USER Command Overflow Lets Remote Users Crash the FTP Service

SecurityTracker Alert ID: 1006967
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 11 2003
Impact: Denial of service via network
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 2.40

Description: Ziv Kamir reported a denial of service vulnerability in the NGC Active FTPServer 2002. A remote user can cause the FTP service to crash.

It is reported that a remote user can send a USER command with a string of 25001 characters or more as an argument to cause the target server to crash. A demonstration exploit transcript is provided in the Source Message.

It is also reported that a remote authenticated user, including an anonymous FTP user (if enabled), can use the cwd, ls, get, and mkdir commands in a similar manner to trigger the crash.

The vendor was reportedly notified on June 11, 2003 and responded the same day.
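
The boundary check whose absence this class of crash points to, as an added example that is not the vendor's code and not part of the original advisory: a control-channel parser that rejects an over-long line with reply 500 (the RFC 959 "command line too long" case) before copying anything. The names parse_ftp_line and reply_for and the 512-byte MAX_LINE limit are assumptions; the client commands cwd, ls, get and mkdir correspond to the protocol verbs CWD, LIST, RETR and MKD.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINE 512  /* assumed cap on one command line; not a value from the advisory */
#define MAX_VERB 4    /* FTP verbs (USER, CWD, LIST, RETR, MKD) are at most 4 letters */
struct ftp_cmd { char verb[MAX_VERB + 1]; char arg[MAX_LINE]; };

/* Parse one control-channel line of len bytes. Returns 0 on success or the FTP
 * reply code to send (500). Every length is checked before any byte is copied. */
int parse_ftp_line(const char *line, size_t len, struct ftp_cmd *out)
{
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                   /* drop trailing CRLF */
    if (len == 0 || len >= MAX_LINE)
        return 500;                              /* too long: reject, copy nothing */
    size_t vlen = 0;
    while (vlen < len && line[vlen] != ' ')
        vlen++;
    if (vlen == 0 || vlen > MAX_VERB)
        return 500;                              /* malformed verb */
    memcpy(out->verb, line, vlen);
    out->verb[vlen] = '\0';
    size_t alen = (vlen < len) ? len - vlen - 1 : 0;
    if (alen > 0)
        memcpy(out->arg, line + vlen + 1, alen); /* alen < MAX_LINE here */
    out->arg[alen] = '\0';
    return 0;
}

/* Constructed input: "<verb> " plus arg_len filler bytes and CRLF, parsed locally. */
int reply_for(const char *verb, size_t arg_len)
{
    static char line[32768];
    struct ftp_cmd cmd;
    size_t vlen = strlen(verb);
    if (vlen > 8 || arg_len > sizeof line - 16)
        return -1;                               /* helper's own buffer limit */
    size_t len = vlen + 1 + arg_len + 2;
    memcpy(line, verb, vlen);
    line[vlen] = ' ';
    memset(line + vlen + 1, 'A', arg_len);
    memcpy(line + vlen + 1 + arg_len, "\r\n", 2);
    return parse_ftp_line(line, len, &cmd);
}

int main(void)
{
    printf("USER+9 -> %d, USER+25001 -> %d\n", reply_for("USER", 9), reply_for("USER", 25001));
    return 0;
}
```
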

Impact: A remote user can cause the FTP service to crash.
Solution: No solution was available at the time of this entry. The vendor has reportedly indicated that a fix will be included in the next product version (2003), to be available in August 2003.
Vendor URL: www.nextgen.dk/
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: Ziv Kamir <vulncode@yahoo.com>
Message History: None.

Source Message Contents
Date: Wed, 11 Jun 2003 08:03:28 -0700 (PDT)
From: Ziv Kamir <vulncode@yahoo.com>
Subject: Vulnerability Under NGC Active FTPServer 2002 Ver 2.4
Hi,
11/06/03
Ziv Kamir
---------
-------------------------------------------------------
Application: NGC Active FTPServer 2002
Web Site: http://www.nextgen.dk/
Versions: 2.40
Platform: Windows
Bug: A remote user can cause the FTP service to crash.
Credits:
########
#################################
# #
# Ziv Kamir #
# #
# Email : vulncode@yahoo.com #
# #
# #
#################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
A simple FTP server for your personal needs. No cryptic settings, just a plain vanilla FTP Server, that everyone can use. And it's very lightweight, takes almost no memory and system resources.
=======
2) Bug
=======
A remote user can send a string of 25001 characters or more as an argument to the USER command to cause the target server to crash.
A remote authenticated user can cause the service to crash with the cwd, ls, get, mkdir in the same way.
===========
3) The Code
===========
*************************************
>>Telnet 127.0.0.1 21
220 Welcome to NGC Active FTPServer 2002.
>>USER AAAAAAA...AAAAA [25001]
*************************************
======
4) Fix
======
Date of Vendor Notification:
11/06/03
Status:
From The Vendor:
----------------
Thanks for your info, even that we already know, and are working on a new version (2003), which should be available in August.
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================