A-FTP Anonymous FTP Server Remote DoS attack Vulnerability

From: Cartel Informatique Security Research Labs (srl@cartel-info.fr)
Date: Thu Jun 21 2001 - 07:26:09 PDT


    A-FTP Anonymous FTP Server Remote DoS attack Vulnerability
    
    Cartel Advisory Code:  CART-0102
    
    
    Vendor Affected:
    
    A-FTP Server - Eirik Helgeland 
    softheadat_private / softhead@x-stream.no
    
    
    What It Is (from the author):
    A free Unix Compatible Anonymous FTP server, running hidden from the
    user. Can be started from a floppy without changing any ini or registry
    settings on the host machine.
    
    
    Public Disclosure Date:
    21-06-2001
    
    
    Systems Affected:
    a-FTP Anonymous FTP Server
    
    Credits: 
    Nicolas Brulez - Brulez@cartel-info.fr
    
    Problem:
    
    Cartel security team has found a buffer overflow in the A-FTP anonymous
    FTP server, which allows an attacker to carry out a denial of service
    attack against it.
    Once the big buffer has been sent, the server is vulnerable.
    Only one more connection is needed to make the FTP service unavailable.
    
    
    Extra Notes:
    
    If no one tries to log in before the attacker logs out, the server will
    still work.
    Here comes a fully working exploit given as a proof of concept for
    educational purposes only.
    This exploit has been fully coded in Win32 assembly language.
    Cartel security team can't be held responsible for anything you do with
    this file.
    
    Example: 
    
    220 Anonymous FTP Server Ready
    USER [buffer]
    
    
    [buffer] is around 2048 characters (more or less).
    The server now needs a connection in order to crash.
    Something like "ftp ip" will do the trick.
    Result: the FTP service is unavailable.
    
    
    
    Date of Vendor Notification:
    20-6-2001
    
    Status:  
    
    Waiting for an answer from the author.
    
    Fix: 
    none yet.
    
    
    Greetings to my friends at:
    
    USSR, Hert, Vauban systems and qualys.
    
    
    About:
    
    Cartel is a company based in France, dedicated to research on network
    security and application security systems.
    
    
    Security services provided are :
    
    - Firewalls testing
    - Network Penetration Testing
    - Application Security Testing
    - Data protecting
    - Intrusion Detection systems
    - Binary auditing
    - Secured hosting
    - Antivirus
    - PKI
    - VPN
    
    Copyright (c) Cartel informatique Security Research LABS.
    This document is copyrighted. It can't be edited or republished
    without explicit consent of CARTEL LABS.
    
    
    For more information, feel free to contact us.
    
    Cartel info security research labs
    mail: srl@cartel-info.fr
    http://securite.cartel-info.fr/  (french site)
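
The advisory lists no fix and does not show the server's code. As an added example (not from the advisory and not A-FTP's own code), this C routine shows the kind of length check whose absence lets an over-long `USER` argument overrun a fixed buffer. The names `parse_ftp_line` and `struct ftp_cmd` and the limits `MAX_LINE` and `MAX_ARG` are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_LINE 512   /* assumed cap on one control-channel line */
#define MAX_VERB 4     /* FTP verbs are 3 or 4 letters */
#define MAX_ARG  64    /* assumed cap on a command argument such as USER */

struct ftp_cmd {
    char verb[MAX_VERB + 1];
    char arg[MAX_ARG + 1];
};

/* Parse one received line of `len` bytes (need not be NUL-terminated).
 * Returns 0 on success, otherwise the FTP reply code to send back:
 * 500 = line too long or bad verb, 501 = argument too long or not printable.
 * Every write into `out` is bounded by the size of the destination field. */
int parse_ftp_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t i = 0, v = 0, a = 0;

    memset(out, 0, sizeof *out);
    if (len > MAX_LINE)
        return 500;                    /* reject before copying anything */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                         /* strip trailing CR/LF */

    /* Verb: letters only, at most MAX_VERB of them, stored upper-case. */
    while (i < len && line[i] != ' ') {
        if (v == MAX_VERB || !isalpha((unsigned char)line[i]))
            return 500;
        out->verb[v++] = (char)toupper((unsigned char)line[i++]);
    }
    if (v == 0)
        return 500;
    while (i < len && line[i] == ' ')
        i++;                           /* skip separator spaces */

    /* Argument: printable bytes only, never more than MAX_ARG. */
    for (; i < len; i++) {
        if (a == MAX_ARG || !isprint((unsigned char)line[i]))
            return 501;
        out->arg[a++] = line[i];
    }
    return 0;
}
```

A server using this would answer the returned code and drop the command instead of copying the argument, so a `USER` line of roughly 2048 characters is refused at the first check.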
    
    


