Secunia

Secunia has identified a vulnerability in Mabry Software's FTPServer/X component, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable FTP server or potentially compromise it.

The vulnerability is caused due to a boundary error, when the FTP Server returns responses, which include user input. This can be exploited by sending an overly long, specially crafted request, which causes the FTP server to return a reply that triggers a buffer overflow.

Successful exploitation will crash the FTP server requiring a manual restart, before functionality is restored. However, it may potentially also be possible to exploit the vulnerability to execute arbitrary code on a vulnerable system with the privileges of the FTP server.

Example:
telnet [victim] 21
USER AAAA...[995-1017]...AAAA

The FTP Server will crash when the "331 Password required for %s" response is returned.

The following versions have been confirmed vulnerable, but prior versions may also be affected:

FTPServer/X v1.00.045 and v1.00.046.

These have been identified in the following products:

- Simple FTPServer Example (included with affected FTPServer/X components)
- Mollensoft FTP Server 3.5.2 (formerly known as Hyperion)
- Hyperion FTP Server 3.0.0 (updated version downloaded 10/04/2003)

NOTE: Any FTP server using FTPServer/X may be vulnerable.

Solution
Mabry Software has fixed the vulnerability in FTPServer/X version 1.00.047:
Further details available in Customer Area

Provided and/or discovered by
Carsten H. Eiram, Secunia Research.

Original Advisory
For more information:
http://secunia.com/secunia_research/2003-3/

Deep Links
Links available in Customer Area