Hexyn / Securax Advisory #19 - Multiple FTP Server DoS

Topic:     Multiple FTP Server DoS
Announced: 2001-02-17
Affects:   Serv-U FTP Server, G6 FTP Server, WarFTPd Server, ...

DISCLAIMER:
***********

THE ENTIRE ADVISORY IS BASED ON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT
GUARANTEE THAT THE INFORMATION BELOW IS 100% CORRECT. THIS DOCUMENT IS SUBJECT
TO CHANGE WITHOUT PRIOR NOTICE. THIS ADVISORY HAS ONLY BEEN TESTED ON WINDOWS 98
AND ONLY ON A SMALL COLLECTION OF TEST SERVERS, SO THE OFFERED INFORMATION MAY
NOT ALWAYS BE CORRECT.

I. Problem Description
**********************

There is a DoS vulnerability in most of the FTP servers available for
Windows 9x/NT. The bug is a consequence of the way Windows handles disk drives.

II. Impact
**********

When the command "retr a:/blah" is sent (or "get a:/blah" from the default UNIX
FTP client), the server freezes for about one second and its CPU usage goes
through the roof.

Exploit:
--------
Available at: http://t-Omicr0n.hexyn.be/exploits.htm

III. Solution
*************

At this time, no patch is available.

IV. Credits
***********

Bug discovered by t-Omicr0n

Greets to: f0bic, The Incubus, R00T-dude, cicer0, vorlon, sentinel, oPr, Reggie,
F_F, Shaolin_p, Segfau|t, NecrOmaN, Zym0t1c, l0r3, Preat0r, T0SH, zeroX, AreS,
tips, Lacrima, GigaByte and everyone at #securax@irc.hexyn.be

--
t-Omicr0n @ http://t-Omicr0n.hexyn.be
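The advisory describes a client handing the server a drive-letter path ("retr a:/blah") that the server passes straight to the operating system, which then stalls on the drive. The defensive fix is to never let a client-supplied argument leave the FTP virtual root: map every RETR/STOR/CWD argument onto the root and reject anything that names a drive, a UNC share, or climbs out with "..". The code below is an added example written for this page; it is not the advisory's exploit and not code from Serv-U, G6 or WarFTPd. The virtual root, the log format and the sample log lines are constructed for illustration; the UNC check generalises beyond the drive-letter case the advisory reports.

```python
"""Added example: server-side FTP path validation for a Windows host, plus a
scan of FTP command logs for drive-letter arguments like "retr a:/blah".
Nothing here is from the advisory or the affected servers; the log format and
sample lines are constructed.
"""
import posixpath
import re

# A drive letter followed by a colon, not glued to a preceding word character
# ("a:/blah", "A:\\x", "retr d:foo"). On Windows a colon also introduces an NTFS
# alternate data stream, so rejecting any colon is a reasonable policy.
DRIVE_RE = re.compile(r"(?<![\w])[A-Za-z]:")
# UNC prefix ("\\\\host\\share" or "//host/share"): a generalisation beyond the
# advisory; such paths also reach storage outside the configured FTP root.
UNC_RE = re.compile(r"^(?:\\\\|//)")


class PathRejected(ValueError):
    """Raised when a client path must not be handed to the filesystem."""


def resolve_ftp_path(arg: str, cwd: str = "/") -> str:
    """Map a client-supplied RETR/STOR/CWD argument onto the virtual root "/".

    Rejects NUL bytes, colons (drive letters / streams), UNC prefixes,
    backslash separators and any ".." sequence that would climb above the
    root. Returns a normalised, root-relative POSIX-style path.
    """
    if "\x00" in arg:
        raise PathRejected("NUL byte in path")
    if DRIVE_RE.search(arg) or ":" in arg:
        raise PathRejected("drive-letter or stream reference")
    if UNC_RE.match(arg):
        raise PathRejected("UNC path")
    if "\\" in arg:
        raise PathRejected("backslash separator")
    joined = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for comp in joined.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise PathRejected("path escapes virtual root")
            parts.pop()
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def is_rejected(arg: str, cwd: str = "/") -> bool:
    """Convenience wrapper: True if resolve_ftp_path() refuses the argument."""
    try:
        resolve_ftp_path(arg, cwd)
    except PathRejected:
        return True
    return False


# Constructed sample log in a simple "<client> <command> [argument]" format.
SAMPLE_LOG = """\
10.0.0.5 RETR /pub/readme.txt
10.0.0.5 CWD /pub
10.0.0.9 RETR a:/blah
10.0.0.9 RETR A:\\autoexec.bat
10.0.0.7 STOR d:/tmp/upload.bin
10.0.0.5 PWD
"""

FILE_CMDS = {"RETR", "STOR", "CWD", "LIST", "NLST", "DELE", "SIZE",
             "MDTM", "RNFR", "RNTO", "MKD", "RMD"}


def flag_drive_requests(log_text: str):
    """Return (client, command, argument) for file commands whose argument
    names a drive letter, so an operator can spot the pattern in past logs."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        client, cmd, arg = fields
        if cmd.upper() in FILE_CMDS and DRIVE_RE.search(arg):
            hits.append((client, cmd.upper(), arg))
    return hits


if __name__ == "__main__":
    for client, cmd, arg in flag_drive_requests(SAMPLE_LOG):
        print(f"{client} sent {cmd} {arg!r}: rejected={is_rejected(arg)}")
```

The validator is deliberately strict: it refuses colons and backslashes outright rather than trying to interpret them, because on Windows both can change which storage the operating system touches. The log scanner applies the same pattern to historical traffic and is meant as a quick triage aid, not a replacement for the server-side check.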