CooolSoft PowerFTP Server Can Be Shut Down By Remote Users - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Firewall) > PowerFTP

Vendors: CooolSoft

CooolSoft PowerFTP Server Can Be Shut Down By Remote Users

SecurityTracker Alert ID: 1005396

SecurityTracker URL: http://securitytracker.com/id/1005396

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 9 2002

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 2.24

Description: A vulnerability was reported in CooolSoft's PowerFTP server. A remote user can cause the FTP service to shut down.

It is reported that a remote user can open a session with the FTP service and send a specially crafted string to cause the FTP service to shutdown.

A demonstration exploit is available at:

http://www.securma.fr.fm/PFDOS.ZIP

[Editor's note: It is not clear if this vulnerability is related to or the same as one reported last week affecting the USER command. In that previous alert, it was reported that a remote user could send a specially crafted FTP USER command with approximately 3000 characters to cause the FTP service to crash.]

Impact: A remote user can cause the FTP service to shut down.

Solution: No solution was available at the time of this entry.

Vendor URL: www.cooolsoft.com/powerftp.htm (Links to External Site)

Cause: Exception handling error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 09 Oct 2002 16:21:53 GMT+1
Subject: new vulnerability inPowerFTP Personal FTP Server


--=_NextPart_Caramail_0040521034173313_ID
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

PowerFTP Personal FTP Server is a multithreaded FTP server
for the MS Windows OS by Cooolsoft.

The PowerFTPd is available from vendor Cooolsoft's website:
http://www.cooolsoft.com
I found a vulnerability has PowerFTP that allows a 
remote user--any user--to shut down the ftp server (tested 
on v 2.24)
I alerted coolsoft (05/10/2002) and as I did not have a 
response until A now
 1 - by opening a session telnet towards server ftp and 
sending a buffer we can crash th server
telnet 127.0.0.1 21
[banner..]
AAA(buffer)
the server is down
2- I realised an exploit being based on another 
vulnerability... I still seek possibility to exploit this 
fault differently. 
you can download and test my exploit 
http://www.securma.fr.fm/PFDOS.ZIP
when the attack is launched there is the following 
message: 
L exeption Exeption logicielle inconnue (0x0eedfade) s'ext 
produite dans l'application a l'emplacement 0x77e7f142

Exeption EFtpCtrlsocketexeption in module FTPServer.exe at 
00059DE6. Data in buffer , cant change size

This was tested against PowerFTP Personal FTP Server v2.24

securma@caramail.com



_________________________________________________________ 
Envoyez des messages musicaux sur le portable de vos amis 
 http://mobile.lycos.fr/mobile/local/sms_musicaux/


--=_NextPart_Caramail_0040521034173313_ID--

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC