Vulnerabilities > CVE-2004-0325 - Unspecified vulnerability in Typsoft FTP Server 1.10

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
typsoft
nessus
exploit available

Summary

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".

Vulnerable Configurations

Part Description Count
Application
Typsoft
1

Exploit-Db

descriptionTYPSoft FTP Server 1.1 Remote CPU Consumption Denial Of Service Vulnerability. CVE-2004-0325. Dos exploit for windows platform
idEDB-ID:23731
last seen2016-02-02
modified2004-02-20
published2004-02-20
reporterintuit bug_hunter
sourcehttps://www.exploit-db.com/download/23731/
titleTYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service Vulnerability

Nessus

NASL familyFTP
NASL idTYPSOFTFTP_1_10.NASL
descriptionThe remote host appears to be running TYPSoft FTP server. According to its banner, this version of the software has a denial of service vulnerability that can lead to complete exhaustion of CPU resources.
last seen2020-06-01
modified2020-06-02
plugin id12075
published2004-02-25
reporterThis script is Copyright (C) 2004-2018 Audun Larsen
sourcehttps://www.tenable.com/plugins/nessus/12075
titleTYPSoft FTP Server 1.10 Invalid Path Request DoS
code
#
# This script was written by Audun Larsen <[email protected]>
#
# Changes by Tenable:
# - Revised plugin title (2/03/2009)

include("compat.inc");

if(description)
{
 script_id(12075);
 script_version("1.20");
 script_cvs_date("Date: 2018/11/15 20:50:22");

 script_cve_id("CVE-2004-0325");
 script_bugtraq_id(9702);

 script_name(english:"TYPSoft FTP Server 1.10 Invalid Path Request DoS");
 script_summary(english:"Checks for version of TYPSoft FTP server");

 script_set_attribute(
   attribute:"synopsis",
   value:"The remote FTP service has a denial of service vulnerability."
 );
 script_set_attribute(
   attribute:"description",
   value:
"The remote host appears to be running TYPSoft FTP server.  According
to its banner, this version of the software has a denial of service
vulnerability that can lead to complete exhaustion of CPU resources."
 );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/2004/Feb/612"
 );
 script_set_attribute(
   attribute:"solution",
   value:"There is no known solution at this time."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/23");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Audun Larsen");
 script_family(english:"FTP");

 script_dependencie("ftpserver_detect_type_nd_version.nasl");
 script_require_keys("ftp/typsoftftp");
 script_require_ports("Services/ftp", 21);

 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("ftp_func.inc");


port = get_ftp_port(default:21);

banner = get_ftp_banner(port:port);
if (! banner) exit(1, "No FTP banner on port "+port+".");
if (
  egrep(pattern:".*TYPSoft FTP Server (0\.|1\.[0-9][^0-9]|1\.10[^0-9])", string:banner)
) security_hole(port);