(Vendor Rejects Claim) Re: WFTPD Pro FTP Server for Windows Allows Remote Users to Crash the Server [Vendor Vigorously Disputes This Claim]
SecurityTracker Alert ID: 1001421
SecurityTracker URL: http://securitytracker.com/id/1001421
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 24 2001

Impact:
Denial of service via network, Execution of arbitrary code via network

Version(s): 3.00 R4

Description:
It is reported that WFTPD Pro contains a vulnerability that allows a remote user to crash the FTP server and may allow the remote user to execute arbitrary code on the server. Please note that the vendor vigorously disputes the claim.
The vendor states that the product is not vulnerable and that the demonstration exploit code posted is not effective against WFTPD or WFTPD Pro in any form. According to the vendor, a normal FTP error response is given, and the server continues in its operation.
See the source message for details on the vendor's full response.

Impact:
The vendor indicates that the product is not vulnerable.

Solution:
The vendor states that the product is not vulnerable.

Vendor URL: www.wftpd.com/

Cause:
Boundary error

Underlying OS:
Windows (NT)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Mon, 23 Apr 2001 14:44:55 -0500
Subject: Re: WFTPD "Pro" 3.0 R4 Buffer Overflow

At 03:20 PM 4/22/2001, Len Budney wrote:
>WFTP is the Win/NT FTP server by Alun Jones
Incorrect. WFTP was a short-lived FTP _client_, by someone else
entirely. _WFTPD_ is the Windows (all versions) FTP server by Texas
Imperial Software.
>The latest version of WFTPD is vulnerable to a buffer overflow in the
>RETR and CWD commands. The overflow can be used to completely disable
>the FTP server, and can probably be exploited to run arbitrary code
>on the server host.
Again, incorrect. The buffer overflow claimed here, and its accompanying
"exploit" code posted by Mr Budney, are not effective against WFTPD or
WFTPD Pro in any form. A normal FTP error response is given, and the
server continues in its operation. Needless to say, anyone who, like Mr
Budney, is unwilling to take the word of a vendor, is welcome to download
and try our software against this reported vulnerability. We would welcome
any corrections.
>This problem was already reported for version 3.0 R1 on March 3, 2001
>[1], and the author claimed that he had "fixed" the overflow. What he
>apparently did was make the buffers bigger; now instead of ~500 characters
>overflowing the buffer, it takes ~32K instead.
Again, incorrect. The author _did_ fix the overflow, and what the author
_actually_ did, rather than any surmise in Mr Budney's mind, was to check
the size of the input string against local buffers, and either dynamically
re-size the buffers, trim the string, or ignore the command
altogether. While no author can claim that his code is entirely free from
bugs, _this_ vulnerability is not an issue with current versions of WFTPD
and WFTPD Pro. Particularly, a CWD or RETR command with 32k of argument
does _not_ cause WFTPD or WFTPD Pro to crash, hang, or otherwise
misbehave. I have myself tested this against a command line with a million
characters without any apparent adverse effects.
Rather ironically, given ongoing discussion on vendor notification in
comp.security.unix, Mr Budney could have saved himself the embarrassment of
having filed such a poorly-researched bug report had he contacted the
vendors of WFTPD before posting to Bugtraq.
Alun Jones
President, Texas Imperial Software
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.
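The bounds-checking approach the vendor describes above (compare the argument length with the local buffer, then resize or reject rather than copy blindly), shown as an added C illustration that is not WFTPD's code and not part of the original message; the 260-byte path buffer, the reply codes and the constructed "RETR" input are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Added illustration (not WFTPD source): bound the CWD/RETR argument so that
 * an over-long command line gets an FTP error instead of overrunning a buffer. */
#define PATH_BUF 260   /* assumed size of a local path buffer */
enum { REPLY_OK = 250, REPLY_SYNTAX = 501, REPLY_TOO_LONG = 553 };
/* Locate the argument of a "CWD"/"RETR" line; *len stops at CRLF. */
static const char *path_argument(const char *line, size_t *len)
{
    const char *arg;
    if (strncmp(line, "CWD ", 4) == 0)       arg = line + 4;
    else if (strncmp(line, "RETR ", 5) == 0) arg = line + 5;
    else return NULL;
    *len = strcspn(arg, "\r\n");
    return arg;
}
/* Fixed buffer: copy only if the argument plus NUL fits, otherwise reject. */
int handle_path_fixed(const char *line, char *path, size_t pathsz)
{
    size_t len;
    const char *arg = path_argument(line, &len);
    if (arg == NULL || len == 0) return REPLY_SYNTAX;
    if (len >= pathsz) return REPLY_TOO_LONG;   /* too long: nothing copied */
    memcpy(path, arg, len);
    path[len] = '\0';
    return REPLY_OK;
}
/* Dynamic buffer sized from the input, the other option the vendor names. */
char *handle_path_dynamic(const char *line)
{
    size_t len;
    const char *arg = path_argument(line, &len);
    if (arg == NULL || len == 0) return NULL;
    char *copy = malloc(len + 1);
    if (copy) { memcpy(copy, arg, len); copy[len] = '\0'; }
    return copy;
}
/* Constructed input "RETR " + n 'A's + CRLF fed to the fixed handler; returns the reply code. */
int reply_for_retr_of_length(size_t n)
{
    char path[PATH_BUF], *line = malloc(5 + n + 3);
    if (line == NULL) return -1;
    memcpy(line, "RETR ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 3);
    int reply = handle_path_fixed(line, path, sizeof path);
    free(line);
    return reply;
}
```

With a 260-byte buffer, a 259-character path is accepted and anything longer (the ~32K argument discussed in the thread included) is answered with an error and never copied.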