Sami FTP Server Multiple Denial Of Service Vulnerabilities

Bugtraq ID:	9657
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Feb 13 2004 12:00AM
Updated:	Feb 13 2004 12:00AM
Credit:	Discovery of these vulnerabilities have been credited to "intuit e.b." <[email protected]>.
Vulnerable:	KarjaSoft Sami FTP Server 1.1.3
Not Vulnerable:

Sami FTP Server Multiple Denial Of Service Vulnerabilities

Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server, may cause the pmsystem.exe executable to raise a fatal exception by making unexpected FTP requests.

Sami FTP Server Multiple Denial Of Service Vulnerabilities

The following examples have been provided:

cd ~
cd /../
get <something unavailable>
ftp://user:[email protected]////

Sami FTP Server Multiple Denial Of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Sami FTP Server Multiple Denial Of Service Vulnerabilities

References:

• Sami FTP Server Homepage (KarjaSoft)
  
• Sami FTP Server 1.1.3 multiple vulnerabilities ("intuit e.b." )