Beyond Security's SecurITeam has discovered two security vulnerabilities in the Broker FTP product. These vulnerabilities allow a remote attacker to repeatedly crash TsFtpSrv.exe (the FTP service) and to cause it to use a large amount of CPU time.
Credit:
The information has been provided by SecurITeam.
Affected version:
* Broker FTP Server version 6.1.0.0
By connecting to the Broker FTP server's Message Server (by default residing on port 8701) and immediately disconnecting, it is possible to cause an exception in the TsFtpSrv.exe program. The exception doesn't cause any harm besides showing a message that TsFtpSrv.exe has encountered an Application Error.
By connecting and not sending anything (but keeping the connection open), it is possible to cause TsFtpSrv.exe to use a large amount of CPU time (basically, while the connection is kept open, CPU usage will be 100%).
Workaround:
It is not clear what the Message Server is used for, but modifying the [TSMessageServer] section of TsFtpSrv.ini allows an administrator to control which port the server listens on (and change it from the default one).
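Both connection patterns described above leave a recognisable trace in flow or firewall logs: a connection to the Message Server port on which the client sends no data, either closed at once or held open. The following is an added example, not part of the original advisory; the CSV layout, the sample records and the two duration thresholds are assumptions, and the port argument should be changed if the Message Server was moved via TsFtpSrv.ini.

```python
import csv
import io
from collections import Counter

MESSAGE_SERVER_PORT = 8701   # default Message Server port per the advisory
QUICK_CLOSE_SECS = 1.0       # assumed threshold for "connect and immediately disconnect"
IDLE_HOLD_SECS = 30.0        # assumed threshold for a silent connection kept open

# Constructed sample flow records (assumed CSV layout, not a real product's log format).
SAMPLE_FLOWS = """src_ip,dst_port,duration_s,client_bytes
192.0.2.10,8701,0.02,0
192.0.2.10,8701,0.03,0
192.0.2.10,8701,0.01,0
198.51.100.7,8701,412.5,0
203.0.113.5,8701,3.2,148
203.0.113.5,21,45.0,960
192.0.2.44,8701,4.0,0
"""


def classify(flow, port=MESSAGE_SERVER_PORT):
    """Return a label for flows matching either pattern in the advisory, else None."""
    if int(flow["dst_port"]) != port or int(flow["client_bytes"]) != 0:
        return None  # wrong port, or the client actually sent data
    duration = float(flow["duration_s"])
    if duration <= QUICK_CLOSE_SECS:
        return "connect-disconnect"  # pattern tied to the Application Error
    if duration >= IDLE_HOLD_SECS:
        return "silent-hold"         # pattern tied to 100% CPU usage
    return None  # zero-byte flow of intermediate length: not flagged by this rule


def summarize(csv_text, port=MESSAGE_SERVER_PORT):
    """Count flagged flows per (source address, label)."""
    hits = Counter()
    for flow in csv.DictReader(io.StringIO(csv_text)):
        label = classify(flow, port)
        if label:
            hits[(flow["src_ip"], label)] += 1
    return hits


if __name__ == "__main__":
    for (src, label), count in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{src:15} {label:18} x{count}")
```

Repeated connect-disconnect hits from one source correspond to the repeated crash condition, while a single long silent-hold flow is enough to account for sustained CPU load.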
Exploit:
#!/usr/bin/perl -w
# TransSoft Broker FTP Server DoS (CPU usage and Exception)
#
use Socket;
if (not $ARGV[0]) {
    print qq~
Usage: pfdos.pl <host>
~;
    exit;
}
Vendor Status:
We informed the vendor over a month ago, writing to every e-mail address we could find on its web site. We have not received any response as of yet.