SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Meteor FTP
Vendors:   Meteorsoft
Meteor FTP Server Command Processing Bug Lets Remote Authenticated Users Crash the Server
SecurityTracker Alert ID:  1004393
SecurityTracker URL:  http://securitytracker.com/id/1004393
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 28 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.2b
Description:   A denial of service vulnerability was reported in Meteorsoft's Meteor FTP server for Microsoft Windows operating systems. A remote authenticated user can crash the server.

It is reported that a remote authenticated user can invoke the MKD and STOR commands with a long command argument to cause the server to crash.

Demonstration exploit commands are provided:

MKD AAAAAAAAAAAAA...AAAA
STOR AAAAAAAAAAAA...AAAA

The exact number of 'A' characters required to trigger the flaw was not reported.

Impact:   A remote authenticated user can cause the FTP server to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  207.202.218.172/
Cause:   Exception handling error
Underlying OS:   Windows (Me), Windows (98)

Message History:   None.
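
With no vendor fix available, the general server-side defence against this kind of crash is to bound every command argument before a handler such as MKD or STOR sees it. The parser below is an added example, not Meteor FTP's code and not part of the original alert; the function name, the struct and both length limits are assumptions, since the alert reports neither the triggering length nor how the server parses commands.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; neither value comes from the alert. */
#define FTP_MAX_VERB 4
#define FTP_MAX_ARG  200

struct ftp_cmd {
    char verb[FTP_MAX_VERB + 1];
    char arg[FTP_MAX_ARG + 1];
};

/* Parse one control-channel line of len bytes (need not be NUL-terminated).
 * Returns 0 on success, else the FTP reply code to send instead of
 * dispatching: 500 for a malformed line, 501 for a rejected argument. */
int ftp_parse_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t i = 0, vlen = 0, alen, k;

    memset(out, 0, sizeof *out);
    /* Drop trailing CR/LF before measuring anything. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* Verb: 1..FTP_MAX_VERB letters, upper-cased into a fixed buffer. */
    while (i < len && line[i] != ' ') {
        if (vlen == FTP_MAX_VERB || !isalpha((unsigned char)line[i]))
            return 500;
        out->verb[vlen++] = (char)toupper((unsigned char)line[i++]);
    }
    if (vlen == 0)
        return 500;
    if (i < len)                    /* skip the separating space */
        i++;
    alen = len - i;

    /* Check the length before any copy, so no handler gets an oversized path. */
    if (alen > FTP_MAX_ARG)
        return 501;
    for (k = 0; k < alen; k++)      /* no NUL or control bytes in a pathname */
        if ((unsigned char)line[i + k] < 0x20 || line[i + k] == 0x7f)
            return 501;
    memcpy(out->arg, line + i, alen);
    /* MKD and STOR, the commands named in the alert, require a pathname. */
    if ((!strcmp(out->verb, "MKD") || !strcmp(out->verb, "STOR")) && alen == 0)
        return 501;
    return 0;
}
```

A caller sends the returned code as the reply and dispatches to the command handler only when the result is 0.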


 Source Message Contents

Date:  Mon, 27 May 2002 20:39:29 +0200
Subject:  Problems with various windows FTP servers


Hi,

I am just writing a small set of perl scripts, to test server
implementations of different protocols against common problems ( i.e.
Buffer overflow and format strings.. ). The first script is against FTP
servers, and just stupidly sends stuff to a server, verifies if the server
crashes and if it does, it reports the problem
[ www.kryptocrew.de/snakebyte/bed.html ].

Everything has been tested with Win95, I still wait for my new cpu, so I can
install a fine sourcemage gnu/linux on my desktop pc too :), so some
problems might not be caused by the server itself but by the OS )

The 4 Problems are all not very serious ( maybe the directory traversal is ? )
but I don't think that these FTP's are widely used. Most of the vendors were
informed yesterday. If these bugs are already known I am sorry for this mail.
The FTP's are the ones I found about a week ago at download.com, so maybe
newer versions exist.

 greetings Eric

ps:
greetings to Duke"plzgreetme"CS
and J for providing beer and playing skat :)

FtpXQ
 MKD AAAAAAAAAAAAA.....AAAA
 ( longer than 254 chars crashes the server)

TransSoft's Broker FTP Server 5.0 Evaluation Version
 CWD ...
 CWD ....
 crashes the server ( sometimes with bsod )


MeteorSoft Meteor FTP 1.2b
 MKD AAAAAAAAAAAAA...AAAA
 STOR AAAAAAAAAAAA...AAAA
 crashes the server

Texas Imperial Software WFTPD
 CWD ...
 CWD ....
 directory traversal possible


--
 www.kryptocrew.de/snakebyte/  -- just my stuff



 
 



Copyright 2014, SecurityGlobal.net LLC