CVE-2004-0325 in TYPSoft FTP Server

Summary

by MITRE

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".


Analysis

by VulDB Data Team • 08/17/2025

The vulnerability identified as CVE-2004-0325 is a significant denial-of-service weakness in TYPSoft FTP Server version 1.10 that authenticated remote users can trigger. The flaw is reached through a specific pattern of directory traversal arguments that exploit how the server processes certain commands, ultimately leading to excessive CPU consumption and system unavailability. The vulnerability manifests when authenticated users submit malicious "//../" arguments to a range of file system operations including directory creation, deletion, file retrieval, and renaming commands. The attack vector specifically targets the commands mkd, xmkd, dele, size, retr, stor, appe, rnfr, rnto, rmd, and xrmd, demonstrating the breadth of affected functionality within the FTP server implementation.

This vulnerability falls under the category of improper input validation and weak directory traversal handling, which aligns with CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and CWE-400 - Uncontrolled Resource Consumption. The flaw exploits the server's inadequate handling of malformed path arguments, causing the system to consume excessive CPU cycles while processing them. When the server receives the "//../qwerty" argument, it attempts to resolve the directory traversal pattern, leading to recursive or excessive processing that consumes system resources. The implementation lacks proper bounds checking and input sanitization for path arguments, allowing the attacker to craft requests that cause the server to enter resource-intensive processing loops.

The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise the availability of the entire FTP server. Remote authenticated users who can establish connections to the server can trigger this condition by simply sending specially crafted commands with the malicious path arguments. The resource consumption pattern typically results in high CPU utilization that can affect other services running on the same system or cause the FTP server to become unresponsive to legitimate requests. This vulnerability is particularly concerning because it requires only authentication, meaning that attackers who can obtain valid credentials can exploit this weakness. The attack can be executed repeatedly to maintain the denial-of-service condition, making it difficult to mitigate without proper input validation or system restarts.

Mitigation strategies for this vulnerability should focus on implementing robust input validation and sanitization mechanisms within the FTP server implementation. The most effective approach involves modifying the server code to properly handle and reject malformed path arguments before they can be processed, particularly those containing directory traversal sequences. System administrators should implement proper access controls and monitor for unusual CPU consumption patterns that might indicate exploitation attempts. The solution requires patching the affected FTP server version or upgrading to a newer implementation that properly handles path arguments. Additionally, network-level monitoring and intrusion detection systems should be configured to detect and alert on suspicious FTP command sequences that contain directory traversal patterns. Organizations should also consider implementing rate limiting and resource monitoring to prevent exploitation from consuming excessive system resources. This vulnerability demonstrates the importance of proper input validation in network services and highlights how seemingly simple path traversal attacks can cause significant operational impact. The weakness is classified under attack technique T1499.004 - Endpoint Denial of Service in the ATT&CK framework, specifically targeting the availability aspect of the CIA triad.
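The command-sequence monitoring recommended above can be sketched as a small log scanner. This is an added example, not code from VulDB or TYPSoft; the log layout, the sample lines and the alert threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# The eleven FTP commands named in the CVE-2004-0325 description.
AFFECTED = {"MKD", "XMKD", "DELE", "SIZE", "RETR", "STOR",
            "APPE", "RNFR", "RNTO", "RMD", "XRMD"}
PATTERN = "//../"  # argument sequence named in the description

# Assumed (constructed) log layout: "<timestamp> <client-ip> <user> <COMMAND> [argument]"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Za-z]{3,4})(?:\s+(.*))?$")

def scan(lines):
    """Return one record per affected command whose argument contains PATTERN."""
    hits = []
    for number, raw in enumerate(lines, 1):
        match = LINE_RE.match(raw.rstrip("\r\n"))
        if not match:
            continue  # not a command line in the assumed layout
        ts, client, user, command, argument = match.groups()
        command = command.upper()  # FTP command names are case-insensitive
        if command in AFFECTED and argument and PATTERN in argument:
            hits.append({"line": number, "time": ts, "client": client,
                         "user": user, "command": command, "argument": argument})
    return hits

def repeat_offenders(hits, threshold=3):
    """Group hits by (client, user); keep pairs at or above the assumed threshold."""
    counts = Counter((h["client"], h["user"]) for h in hits)
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed sample log, not captured from a real server.
SAMPLE_LOG = [
    "2004-02-26T10:00:01 192.0.2.10 alice RETR /pub/readme.txt",
    "2004-02-26T10:00:05 198.51.100.7 bob retr //../qwerty",
    "2004-02-26T10:00:06 198.51.100.7 bob SIZE //../qwerty",
    "2004-02-26T10:00:07 198.51.100.7 bob XMKD //../qwerty",
    "2004-02-26T10:00:09 192.0.2.10 alice CWD //../qwerty",   # CWD is not in the CVE list
    "2004-02-26T10:00:12 192.0.2.10 alice STOR docs/../notes.txt",
    "2004-02-26T10:00:15 192.0.2.10 alice PWD",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["line"], h["client"], h["user"], h["command"], h["argument"])
    print(repeat_offenders(found))
```

Grouping hits by client and user reflects the observation above that the request can be repeated to sustain the condition, so a single account issuing several matching commands is the signal worth alerting on.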

Disclosure

12/31/2004

Moderation

accepted

Entry

VDB-22613

CPE

ready

Exploit

Download

EPSS

0.03030

KEV

no

Activities

very low
