Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (File Transfer/Sharing)  >   Meteor FTP Vendors:   Meteorsoft
Meteor FTP Server Command Processing Bug Lets Remote Authenticated Users Crash the Server
SecurityTracker Alert ID:  1004393
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 28 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.2b
Description:   A denial of service vulnerability was reported in Meteorsoft's Meteor FTP server for Microsoft Windows operating systems. A remote authenticated user can crash the server.

It is reported that a remote authenticated user can invoke the MKD and STOR commands with a long command argument to cause the server to crash.

A demonstration exploit command is provided:


The exact number of 'A' characters required to trigger the flaw was not reported.

Impact:   A remote authenticated user can cause the FTP server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Me), Windows (98)

Message History:   None.

 Source Message Contents

Date:  Mon, 27 May 2002 20:39:29 +0200
Subject:  Problems with various windows FTP servers


I am just writing a small set of perl scripts, to test server
of different protocols agains common problems ( i.e. Buffer overflow and
format strings.. ). The first script is against FTP servers, and just
sends stuff to a server, verifies if the server crashes and if it does,
it reports the problem [ ].

Everything has been tested with Win95, I still wait for my new cpu, so I can
install a fine sourcemage gnu/linux on my desktop pc too :), so some
might not be caused by the server itself but by the OS )

The 4 Problems are all not very serious ( maybe the directory traversal is
? )
but I don't think that these FTP's are widely used. Most of the vendors are
informed yesterday. If these bugs are already known I am sorry for this
The FTP's are the ones I found about a week ago at, so maybe
newer versions exists.

 greetings Eric

greetings to Duke"plzgreetme"CS
and J for providing beer and playing skat :)

 ( longer than 254 chars crashes the server)

TransSoft's Broker FTP Server 5.0 Evaluation Version
 CWD ...
 CWD ....
 crashes the server ( sometimes with bsod )

MeteorSoft Meteor FTP 1.2b
 crashes the server

Texas Imperial Software WFTPD
 CWD ...
 CWD ....
 directory traversal possible

--  -- just my stuff


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, LLC