mailing list archives
How to crash a harddisk - the Ipswitch WS_FTP Server way
From: "Hugh Mann" <hughmann () hotmail com>
Date: Tue, 23 Mar 2004 07:10:41 +0000
Advisory Name: How to crash a harddisk - the Ipswitch WS_FTP Server way
Impact : Denial of Service
Discovered by: Hugh Mann hughmann () hotmail com
Tested progs : Ipswitch WS_FTP Server 4.0.2.EVAL
It's possible for any user with write access to a directory, even when
there's a limit to how much data the user can upload, to use up all
available disk space on any partition it can upload to. Even a slow modem
user can do this because the user only needs to send a few bytes to the
The REST command is used to change the file pointer where new data will be
written to the file next time the user sends an upload command such as STOR.
A user can create arbitrary sized files (up to 2^64-1 bytes) by specifying a
large value as the argument to REST and then sending a small file with STOR.
WS_FTP Server doesn't count the extra bytes starting from the end of the
original file to the new file pointer location when checking if the user can
upload more bytes. The next time the user tries to upload a file, WS_FTP
Server will give an error.
Save this in a file called ftpcmds.txt, after changing the FTP server name,
username, and password.
quote REST 1073741822
Then start it:
to see the result. It will create a 1GB file and then delete it.
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Full-Disclosure - We believe in it.
- How to crash a harddisk - the Ipswitch WS_FTP Server way Hugh Mann (Mar 23)