(Vendor Indicates Problem May Be With Windows NT OS) Re: WFTPD Pro FTP Server for Windows Allows Remote Users to Crash the Server [Vendor Vigorously Disputes This Claim]
|
SecurityTracker Alert ID: 1001426 |
|
SecurityTracker URL: http://securitytracker.com/id/1001426
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Apr 25 2001
|
Impact:
Denial of service via network, Execution of arbitrary code via network
|
|
Version(s): 3.00 R4
|
Description:
It is reported that WFTPD Pro contains a vulnerability that allows a remote user to crash the FTP server and may allow the remote user to execute arbitrary code on the server. Please note that the vendor vigorously disputes the claim.
The vendor indicates that the problem reported in the original message (see Message History) is not caused by WFTPD Pro, but is due to an unchecked buffer in the Windows NT 4.0 API function "GetFullPathName". Windows 2000 is reportedly immune from this vulnerability.
The vendor is working to resolve the details.
|
Impact:
A remote user can cause the FTP server to crash. It may also be possible for a remote user to execute arbitrary code on the server, but this has not been demonstrated.
|
Solution:
No solution was available at the time of this entry. The vendor states that the product is not vulnerable.
|
Vendor URL: www.wftpd.com/
|
Cause:
Boundary error
|
Underlying OS:
Windows (NT)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 24 Apr 2001 17:22:46 -0500
Subject: GetFullPathName overflow - was 'Re: WFTPD "Pro" 3.0 R4 Buffer
|
At 02:44 PM 4/23/2001, Alun Jones wrote:
>>The latest version of WFTPD is vulnerable to a buffer overflow in the
>>RETR and CWD commands. The overflow can be used to completely disable
>>the FTP server, and can probably be exploited to run arbitrary code
>>on the server host.
>
>Again, incorrect. The buffer overflow claimed here, and its accompanying
>"exploit" code posted by Mr Budney, are not effective against WFTPD or
>WFTPD Pro in any form. A normal FTP error response is given, and the
>server continues in its operation. Needless to say, anyone who, like Mr
>Budney, is unwilling to take the word of a vendor, is welcome to download
>and try our software against this reported vulnerability. We would welcome
>any corrections.

Further analysis of reports from a customer's report of similar behaviour
as this suggests that the problem discovered by Mr Budney is not caused by
WFTPD Pro, but is an unchecked buffer in the Windows NT 4.0 API function
"GetFullPathName". Windows 2000 is clearly immune - and had Mr Budney's
original post included details of the OS he was running, we could have
found the real culprit far quicker.

Needless to say, while the bug appears to be in the operating system
itself, it's clear that bracketing the call to GetFullPathName with code
designed to prevent the bug from appearing is in order. Once we are sure
of the full scope of this bug, we shall be releasing a workaround for it,
and reporting the full details to this list - we can be sure that other
programs call GetFullPathName, and some may do so in ways that can trigger
this bug.

As buffer overflows so often occur in places other than where they appear,
it's likely that until we get down to a small piece of code that clearly
shows the problem, we can't guarantee that this is the end of our
search. It is still possible, of course, that something else is
responsible for memory corruption that causes this overflow. This posting,
while somewhat lacking in hard, provable, information, is in response to
several phone calls we have received today regarding this report.

Alun.
~~~~
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.
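
Added example (not part of the original message and not WFTPD's code): one way to "bracket" a GetFullPathName call, bounding the untrusted argument before the call and validating the return value after it. The names safe_full_path, ARG_LIMIT and the PATH_* codes are hypothetical, the length limit is an assumption because the message does not state what input triggers the crash, and the non-Windows branch is a constructed stand-in that only mimics the API's return convention.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-in for non-Windows builds (constructed): mimics only the return
   convention of GetFullPathNameA so the guard can be exercised. */
typedef unsigned long DWORD;
#define MAX_PATH 260
static DWORD GetFullPathNameA(const char *name, DWORD size, char *buf, char **part)
{
    static const char root[] = "C:\\ftproot\\";      /* constructed directory */
    DWORD need = (DWORD)(sizeof root - 1 + strlen(name));
    (void)part;
    if (need + 1 > size) return need + 1;  /* too small: required size incl. NUL */
    memcpy(buf, root, sizeof root - 1);
    strcpy(buf + sizeof root - 1, name);
    return need;                           /* success: length excl. NUL */
}
#endif

enum { PATH_OK = 0, PATH_TOO_LONG = -1, PATH_INVALID = -2 };

/* Hypothetical wrapper (not WFTPD code). ARG_LIMIT is an assumed bound; the
   page does not say what input length triggers the reported crash. */
#define ARG_LIMIT MAX_PATH

int safe_full_path(const char *arg, char *out, size_t out_size)
{
    size_t n;
    DWORD r;

    if (arg == NULL || out == NULL || out_size == 0) return PATH_INVALID;
    out[0] = '\0';
    /* Before the call: measure at most ARG_LIMIT bytes, so an oversized
       command argument is rejected without reaching the API. */
    for (n = 0; n < ARG_LIMIT && arg[n] != '\0'; n++) { }
    if (n == 0) return PATH_INVALID;
    if (n >= ARG_LIMIT) return PATH_TOO_LONG;

    r = GetFullPathNameA(arg, (DWORD)out_size, out, NULL);

    /* After the call: 0 is failure; a value >= the buffer size is the
       required size, meaning the result did not fit. */
    if (r == 0) { out[0] = '\0'; return PATH_INVALID; }
    if (r >= out_size) { out[0] = '\0'; return PATH_TOO_LONG; }
    return PATH_OK;
}
```

A server using such a wrapper would answer the RETR or CWD command with a normal FTP error response whenever the result is not PATH_OK.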