Problems with various Windows FTP servers

2002-05-28T00:00:00
ID SECURITYVULNS:DOC:2999
Type securityvulns
Reporter Securityvulns
Modified 2002-05-28T00:00:00

Description

Hi,

I am just writing a small set of Perl scripts, to test server implementations of different protocols against common problems (i.e. buffer overflow and format strings). The first script is against FTP servers, and just stupidly sends stuff to a server, verifies if the server crashes and if it does, it reports the problem [ www.kryptocrew.de/snakebyte/bed.html ].

(Everything has been tested with Win95; I am still waiting for my new CPU, so I can install a fine sourcemage gnu/linux on my desktop PC too :), so some problems might not be caused by the server itself but by the OS.)

The 4 problems are all not very serious (maybe the directory traversal is?) but I don't think that these FTPs are widely used. Most of the vendors were informed yesterday. If these bugs are already known I am sorry for this mail. The FTPs are the ones I found about a week ago at download.com, so maybe newer versions exist.

greetings Eric

ps: greetings to Duke"plzgreetme"CS and J for providing beer and playing skat :)

FtpXQ
    MKD AAAAAAAAAAAAA.....AAAA
    (longer than 254 chars crashes the server)

TransSoft's Broker FTP Server 5.0 Evaluation Version
    CWD ...
    CWD ....
    crashes the server (sometimes with BSOD)

MeteorSoft Meteor FTP 1.2b
    MKD AAAAAAAAAAAAA...AAAA
    STOR AAAAAAAAAAAA...AAAA
    crashes the server

Texas Imperial Software WFTPD
    CWD ...
    CWD ....
    directory traversal possible

-- www.kryptocrew.de/snakebyte/ -- just my stuff
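An added example, not part of the original mail and not code from any of the vendors named in it: a server-side check that would refuse both classes of input reported above, over-long MKD/STOR arguments and the dot-only CWD components "..." and "....", before the argument is copied or passed to the filesystem. The function names and the 254-character limit (taken from the FtpXQ report) are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define FTP_ARG_MAX 254  /* assumed limit, from the FtpXQ report above */

enum arg_status { ARG_OK = 0, ARG_TOO_LONG, ARG_DOT_COMPONENT, ARG_BAD_CHAR };

/* Hypothetical helper: classify the argument of CWD/MKD/STOR before it is
 * copied into a fixed buffer or handed to the filesystem API. */
enum arg_status check_ftp_path_arg(const char *arg)
{
    size_t len = 0, i = 0;

    /* Bounded length scan: stop as soon as the limit is exceeded. */
    while (arg[len] != '\0')
        if (++len > FTP_ARG_MAX)
            return ARG_TOO_LONG;

    while (i < len) {
        size_t start = i, dots = 0;
        /* Walk one component; both separators count on Windows. */
        while (i < len && arg[i] != '/' && arg[i] != '\\') {
            unsigned char c = (unsigned char)arg[i];
            if (c < 0x20 || c == 0x7f)
                return ARG_BAD_CHAR;
            if (c == '.')
                dots++;
            i++;
        }
        /* "..", "..." and "...." are all dot-only components; Windows 9x
         * resolves the longer runs to further ancestors. Conservative:
         * every dot-only component of two or more dots is refused. */
        if (i - start >= 2 && dots == i - start)
            return ARG_DOT_COMPONENT;
        if (i < len)
            i++;  /* skip the separator */
    }
    return ARG_OK;
}

/* Bounded copy into a caller buffer; refuses instead of truncating. */
int copy_ftp_arg(char *dst, size_t dst_size, const char *arg)
{
    size_t len;
    if (check_ftp_path_arg(arg) != ARG_OK)
        return -1;
    len = strlen(arg);
    if (len + 1 > dst_size)
        return -1;
    memcpy(dst, arg, len + 1);
    return 0;
}
```

A server would still resolve the accepted path against the user's root directory and confirm the result stays inside it; this check only removes the inputs the report describes.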