Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: Mon, 4 Feb 2008 22:31:49 +0100
From: Luigi Auriemma <aluigi@autistici.org.>
To: [email protected], [email protected],
Subject: Socket termination in FTP Log Server 7.9.14.0
Message-Id: <20080204223149.fcce4c63.aluigi@autistici.org.>
X-Mailer: 
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru


#######################################################################

                             Luigi Auriemma


Application:  FTP Log Server
              http://www.wsftp.com
Versions:     <= 7.9.14.0
Platforms:    Windows
Bug:          socket termination
Exploitation: remote
Date:         04 Feb 2008
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


FTP Log Server is a daemon installed and running with Ipswitch WS_FTP
which works on the UDP port 5151 and is used for all the logging
operations of this FTP server.


#######################################################################

======
2) Bug
======


Sending more than 20 packets of a size major than 4096 bytes (the
maximum size of a packet which can be received by the server) within
less than one second between them causes the silent termination of the
listening socket (offset 004013FD), so the process of the daemon will
continue to be active but it will no longer handle the log commands of
the FTP or any other server which supports it.

Although the daemon binds all the interfaces (and I doubt an admin
leaves the UDP port 5151 accessible from Internet, moreover to avoid
custom entries in the XML logs) the main scenario of a possible
exploiting of this vulnerability is in a LAN environment for example
used for disabling the logging service and starting a brute forcing
attack versus the machine on which is running the FTP server and so on.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/testz/udpsz.zip

  udpsz -l 100 SERVER 5151 4097


#######################################################################

======
4) Fix
======


No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: