Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SurgeFTP vulnerabilities
From: Alun Jones <alun () texis com>
Date: Mon, 25 Jun 2001 09:42:34 -0500

At 03:08 AM 6/19/2001, you wrote:
Issue:
2.) FTP allows anybody to DOS the machine with a well known con/con attack.

Exploit:
2.) Connect to the server with anonymous and type cd con/con (yes, this is
well know and works with MANY other too, but we think it should be
filtered).

While filtering such a command line may be a worthy suggestion, and is certainly implemented in our own software, it is far from a perfect (or even appropriate) solution.

CON/CON is easy to avoid - you just filter on CON/CON. But then you also have to consider _every_ other DOS device name (MS calls them DDNs, in KB articles that reference them) that is, or could be, on your system. CLOCK$, for instance, can be used instead of CON, as can AUX, PRN, LPT1-9, etc, etc. Okay, you say, so you filter the standard DDNs out. Then you have to worry about non-standard, but possibly popular DDNs.

There is no system call (that I could find after several days of searching) that will enumerate the available DDNs, and there appears to be no interest in generating a patch that will prevent this DDN\DDN blue-screen error. The only option available to developers is to filter on as many known DDNs as possible, and allow the user to extend that filter as and when necessary. This, of course, requires a substantially educated user, which is almost always the weakest possible means of securing a system.

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun () texis com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault