Vulnerabilities > CVE-2005-3294 - Resource Management Errors vulnerability in Typsoft FTP Server

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Tags: network, low complexity, typsoft, CWE-399, nessus, exploit available

Summary

Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

  • description: TYPSoft FTP Server <= 1.11 (RETR) Denial of Service Vulnerability. CVE-2001-1156, CVE-2005-3294. DoS exploit for Windows platform
    id: EDB-ID:1251
    last seen: 2016-01-31
    modified: 2005-10-14
    published: 2005-10-14
    reporter: wood
    source: https://www.exploit-db.com/download/1251/
    title: TYPSoft FTP Server <= 1.11 RETR Denial of Service Vulnerability
  • description: TYPSoft FTP Server 1.10 - RETR CMD Denial of Service. CVE-2005-3294. DoS exploit for Windows platform
    file: exploits/windows/dos/15860.py
    id: EDB-ID:15860
    last seen: 2016-02-01
    modified: 2010-12-29
    platform: windows
    published: 2010-12-29
    reporter: emgent
    source: https://www.exploit-db.com/download/15860/
    title: TYPSoft FTP Server 1.10 - RETR CMD Denial of Service
    type: dos
  • description: TYPSoft FTP Server v1.10 RETR Command DoS. CVE-2005-3294. DoS exploit for Windows platform
    id: EDB-ID:12604
    last seen: 2016-02-01
    modified: 2010-05-14
    published: 2010-05-14
    reporter: Jeremiah Talamantes
    source: https://www.exploit-db.com/download/12604/
    title: TYPSoft FTP Server 1.10 - RETR Command DoS

Nessus

NASL family: FTP
NASL id: TYPSOFTFTP_RETR0_DOS.NASL
description: The remote host appears to be using TYPSoft FTP Server, a small FTP server for Windows. According to its banner, the version of TYPSoft FTP Server installed on the remote host is 1.10 or earlier. Such versions suffer from several denial of service vulnerabilities. A remote attacker, possibly using anonymous access, can cause the server to stop responding by sending it an 'ABOR' command without any active file transfer in progress or can crash it by sending any one of a number of specially crafted FTP commands.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20012
published: 2005-10-14
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20012
title: TYPSoft FTP Server <= 1.10 Multiple DoS
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20012);
  script_version("1.28");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id("CVE-2005-3294", "CVE-2009-1668", "CVE-2009-4105", "CVE-2012-5329");
  script_bugtraq_id(15104, 34901, 37114, 40181, 51891, 52554);
  script_xref(name:"EDB-ID", value:"18469");
  script_xref(name:"EDB-ID", value:"18615");
  script_xref(name:"EDB-ID", value:"8650");
 
  script_name(english:"TYPSoft FTP Server <= 1.10 Multiple DoS");
  script_summary(english:"Checks version in banner.");
 
  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FTP server is affected by multiple denial of service
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host appears to be using TYPSoft FTP Server, a small FTP
server for Windows. 

According to its banner, the version of TYPSoft FTP Server installed
on the remote host is 1.10 or earlier.  Such versions suffer from
several denial of service vulnerabilities.

A remote attacker, possibly using anonymous access, can cause the
server to stop responding by sending it an 'ABOR' command without any
active file transfer in progress or can crash it by sending any one of
a number of specially crafted FTP commands."
  );
  script_set_attribute(
   attribute:"see_also", 
   value:"https://seclists.org/fulldisclosure/2005/Oct/351"
  );
  script_set_attribute(
   attribute:"see_also", 
   value:"https://www.securityfocus.com/archive/1/508048/30/0/threaded"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Remove the affected service or use another product as TYPSoft is no
longer supported."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value: "2005/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/14");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");
 
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("ftpserver_detect_type_nd_version.nasl");
  script_require_keys("ftp/typsoftftp");
  script_require_ports("Services/ftp", 21);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("ftp_func.inc");


port = get_ftp_port(default:21);

# If it looks like TYPSoft FTP...
banner = get_ftp_banner(port:port);
if (! banner) exit(1, "No FTP banner on port "+port+".");
if (
  egrep(pattern:"220[ -]TYPSoft FTP", string:banner)
) {
  # There's a problem if the banner reports it's 1.10 or older.
  if (egrep(pattern:"^220[ -]TYPSoft FTP Server (0\.|1\.(0.*|10) )", string:banner))
  {
    security_warning(port);
    exit(0);
  }
}

Packetstorm

data source: https://packetstormsecurity.com/files/download/97139/typsoft110-dos.txt
id: PACKETSTORM:97139
last seen: 2016-12-05
published: 2010-12-29
reporter: Emanuele Gentili
source: https://packetstormsecurity.com/files/97139/TYPSoft-FTP-Server-1.10-Denial-Of-Service.html
title: TYPSoft FTP Server 1.10 Denial Of Service

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:70495
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-70495
title: TYPSoft FTP Server (v 1.10) RETR CMD Denial of Service