SecurityTracker.com

Category:  Application (File Transfer/Sharing)  >  Meteor FTP
Vendors:  Meteorsoft
Meteor FTP Server Command Processing Bug Lets Remote Authenticated Users Crash the Server
SecurityTracker Alert ID:  1004393
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  May 28 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 1.2b
Description:  A denial of service vulnerability was reported in Meteorsoft's Meteor FTP server for Microsoft Windows operating systems. A remote authenticated user can crash the server.

It is reported that a remote authenticated user can invoke the MKD and STOR commands with a long command argument to cause the server to crash.

A demonstration exploit command is provided:

MKD AAAAAAAAAAAAA...AAAA
STOR AAAAAAAAAAAA...AAAA

The exact number of 'A' characters required to trigger the flaw was not reported.

Impact:  A remote authenticated user can cause the FTP server to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  207.202.218.172/
Cause:  Exception handling error
Underlying OS:  Windows (Me), Windows (98)
Reported By:  "SnakeByte / Eric Sesterhenn" <snakebyte@gmx.de>
Message History:   None.
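
One way a server can refuse the overlong MKD and STOR arguments described above instead of crashing, as an added example that is not Meteor FTP's code and not part of the original advisory. The limits (512 and 255 bytes) and the names ftp_parse_line and struct ftp_cmd are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FTP_MAX_LINE 512  /* assumed cap on one command line */
#define FTP_MAX_ARG  255  /* assumed cap on a path argument */

struct ftp_cmd {
    char verb[5];               /* "MKD", "STOR", ... plus NUL */
    char arg[FTP_MAX_ARG + 1];  /* path argument plus NUL */
};

/* Parse `line` (len bytes, CRLF already stripped) into `out`.
 * Returns 0 on success, or the FTP reply code to send on rejection:
 * 500 = line too long or bad verb, 501 = argument too long. */
int ftp_parse_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, alen;

    if (len == 0 || len > FTP_MAX_LINE || memchr(line, '\0', len))
        return 500;

    /* Verb: 3 or 4 bytes up to the first space. */
    while (vlen < len && line[vlen] != ' ')
        vlen++;
    if (vlen < 3 || vlen > 4)
        return 500;
    memcpy(out->verb, line, vlen);
    out->verb[vlen] = '\0';

    /* Argument: everything after the space, length-checked before
     * any copy so an oversized MKD/STOR path is refused cleanly. */
    alen = (vlen < len) ? len - vlen - 1 : 0;
    if (alen > FTP_MAX_ARG)
        return 501;
    if (alen > 0)
        memcpy(out->arg, line + vlen + 1, alen);
    out->arg[alen] = '\0';
    return 0;
}

int main(void)
{
    char line[304];             /* constructed sample: "MKD " + 300 x 'A' */
    struct ftp_cmd cmd;
    memset(line, 'A', sizeof line);
    memcpy(line, "MKD ", 4);
    printf("reply code: %d\n", ftp_parse_line(line, sizeof line, &cmd));
    return 0;
}
```

The caller sends the returned reply code to the client and keeps the session open, so an oversized argument costs the sender one error reply rather than taking the service down.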


 Source Message Contents

Date:  Mon, 27 May 2002 20:39:29 +0200
From:  "SnakeByte / Eric Sesterhenn" <snakebyte@gmx.de>
Subject:  Problems with various windows FTP servers

 

Hi,

I am just writing a small set of Perl scripts to test server implementations
of different protocols against common problems ( i.e. buffer overflows and
format strings.. ). The first script is against FTP servers, and just stupidly
sends stuff to a server, verifies if the server crashes and if it does,
it reports the problem [ www.kryptocrew.de/snakebyte/bed.html ].

( Everything has been tested with Win95, I still wait for my new CPU, so I can
install a fine sourcemage gnu/linux on my desktop PC too :), so some problems
might not be caused by the server itself but by the OS )

The 4 problems are all not very serious ( maybe the directory traversal is ? )
but I don't think that these FTP's are widely used. Most of the vendors were
informed yesterday. If these bugs are already known I am sorry for this mail.
The FTP's are the ones I found about a week ago at download.com, so maybe
newer versions exist.

 greetings Eric

ps:
greetings to Duke"plzgreetme"CS
and J for providing beer and playing skat :)

FtpXQ
 MKD AAAAAAAAAAAAA.....AAAA
 ( longer than 254 chars crashes the server)

TransSoft's Broker FTP Server 5.0 Evaluation Version
 CWD ...
 CWD ....
 crashes the server ( sometimes with bsod )


MeteorSoft Meteor FTP 1.2b
 MKD AAAAAAAAAAAAA...AAAA
 STOR AAAAAAAAAAAA...AAAA
 crashes the server

Texas Imperial Software WFTPD
 CWD ...
 CWD ....
 directory traversal possible


--
 www.kryptocrew.de/snakebyte/  -- just my stuff



 



Copyright 2002, SecurityGlobal.net LLC