Denial of Service via FTP

mx61tt (Posts: 4, Location: Brazil)

Denial of Service via FTP

Simulating a malicious server, it was possible to crash the application after preparing a response to the listing of modified content for a large number of characters.

I used a Kali machine to execute a PoC and simulate a server.

Version of WinSCP: 5.17.8
Version of OS: Windows 7 SP1 x64
  • steps.zip (405.11 KB, Private file)
Description: Step Recorder
  • anonymous@10.0.2.15.log (164.43 KB, Private file)
Description: Session log
  • poc.zip (3.97 KB, Private file)
Description: PoC used to crash the application. Change the IP address for your local host.

martin, Site Admin (Posts: 35,490, Location: Prague, Czechia)

Re: Denial of Service via FTP

Thanks for your report. Though I cannot reproduce the problem. I get the listing in GUI without a crash.
I have sent you an email with a debug version of WinSCP to the address you have used to register on this forum.

mx61tt (Posts: 4, Location: Brazil)

Re: Denial of Service via FTP

I was able to crash it with the debug version too. Anyway, I'm attaching the log that I got after the crash. Note that if you execute it on Windows 10, it won't crash. Hope that helps you.

For the crash you need to execute it on Windows 7.
  • WinSCP-20201030d_dev_log.zip (221.43 KB, Private file)

martin
Site Admin

Re: Denial of Service via FTP

Thanks. I'm able to reproduce the problem on Windows 7. I'll look at it and I'll come back to you.

martin, Site Admin (Posts: 35,490, Location: Prague, Czechia)

Re: Denial of Service via FTP

This bug has been added to the tracker:
https://winscp.net/tracker/1924

I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.
