SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   PowerFTP Vendors:   CooolSoft
CooolSoft PowerFTP Server Can Be Shut Down By Remote Users
SecurityTracker Alert ID:  1005396
SecurityTracker URL:  http://securitytracker.com/id/1005396
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 9 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2.24
Description:   A vulnerability was reported in CooolSoft's PowerFTP server. A remote user can cause the FTP service to shut down.

It is reported that a remote user can open a session with the FTP service and send a specially crafted string to cause the FTP service to shutdown.

A demonstration exploit is available at:

http://www.securma.fr.fm/PFDOS.ZIP

[Editor's note: It is not clear if this vulnerability is related to or the same as one reported last week affecting the USER command. In that previous alert, it was reported that a remote user could send a specially crafted FTP USER command with approximately 3000 characters to cause the FTP service to crash.]

Impact:   A remote user can cause the FTP service to shut down.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cooolsoft.com/powerftp.htm (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  new vulnerability inPowerFTP Personal FTP Server


--=_NextPart_Caramail_0040521034173313_ID
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

PowerFTP Personal FTP Server is a multithreaded FTP server
for the MS Windows OS by Cooolsoft.

The PowerFTPd is available from vendor Cooolsoft's website:
http://www.cooolsoft.com
I found a vulnerability has PowerFTP that allows a 
remote user--any user--to shut down the ftp server (tested 
on v 2.24)
I alerted coolsoft (05/10/2002) and as I did not have a 
response until A now
 1 - by opening a session telnet towards server ftp and 
sending a buffer we can crash th server
telnet 127.0.0.1 21
[banner..]
AAA(buffer)
the server is down
2- I realised an exploit being based on another 
vulnerability... I still seek possibility to exploit this 
fault differently. 
you can download and test my exploit 
http://www.securma.fr.fm/PFDOS.ZIP
when the attack is launched there is the following 
message: 
L exeption Exeption logicielle inconnue (0x0eedfade) s'ext 
produite dans l'application a l'emplacement 0x77e7f142

Exeption EFtpCtrlsocketexeption in module FTPServer.exe at 
00059DE6. Data in buffer , cant change size

This was tested against PowerFTP Personal FTP Server v2.24

securma@caramail.com



_________________________________________________________ 
Envoyez des messages musicaux sur le portable de vos amis 
 http://mobile.lycos.fr/mobile/local/sms_musicaux/


--=_NextPart_Caramail_0040521034173313_ID--


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC