I am just writing a small set of perl scripts, to test server implementations of different protocols agains common problems ( i.e. Buffer overflow and format strings.. ). The first script is against FTP servers, and just stupidly sends stuff to a server, verifies if the server crashes and if it does, it reports the problem [ www.kryptocrew.de/snakebyte/bed.html ].
Everything has been tested with Win95, I still wait for my new cpu, so I can install a fine sourcemage gnu/linux on my desktop pc too :), so some problems might not be caused by the server itself but by the OS )
The 4 Problems are all not very serious ( maybe the directory traversal is ? ) but I don't think that these FTP's are widely used. Most of the vendors are informed yesterday. If these bugs are already known I am sorry for this mail. The FTP's are the ones I found about a week ago at download.com, so maybe newer versions exists.
ps: greetings to Duke"plzgreetme"CS and J for providing beer and playing skat :)
FtpXQ MKD AAAAAAAAAAAAA.....AAAA ( longer than 254 chars crashes the server)
TransSoft's Broker FTP Server 5.0 Evaluation Version CWD ... CWD .... crashes the server ( sometimes with bsod )
MeteorSoft Meteor FTP 1.2b MKD AAAAAAAAAAAAA...AAAA STOR AAAAAAAAAAAA...AAAA crashes the server
Texas Imperial Software WFTPD CWD ... CWD .... directory traversal possible
-- www.kryptocrew.de/snakebyte/ -- just my stuff