CVE-2008-6829
published 2009-06-08CVE-2008-6829: VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward…
PriorityP429medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
37.61%
98.3th percentile
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vicftps | vicftps | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect the malicious LIST command pattern by inspecting FTP traffic for a LIST argument beginning with the sequence '/\/' (slash-backslash-slash), which triggers the crash in VicFTPS 5.0. ↗
- →The exploit authenticates anonymously (USER Anonymous / PASS [email protected]) before sending the malicious LIST command; monitor FTP sessions using anonymous credentials followed immediately by a LIST command containing backslash characters. ↗
- →The Metasploit auxiliary module auxiliary/dos/windows/ftp/vicftps50_list can be used to reproduce and test for this vulnerability in lab environments. ↗
- ·The NVD entry notes this may be a duplicate of CVE-2008-2031; analysts should cross-reference both CVEs to avoid double-counting detections. ↗
- ·The exploit requires a valid (or anonymous) authenticated FTP session before the malicious LIST command can be sent; unauthenticated network-layer blocking alone is insufficient if anonymous FTP access is permitted. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
vicFTP 5.0 - 'LIST' Remote Denial of Service
exploitdb·2008-10-24
CVE-2008-6829 vicFTP 5.0 - 'LIST' Remote Denial of Service
vicFTP 5.0 - 'LIST' Remote Denial of Service
---
#include
#include
#include
#define __z00ro(a) memset(a,0,sizeof(a));
//greetings : SiD.psycho
//Smallest greetings : Gorion - lofamy cIem We want be like y0U :***
unsigned int setport(const char* port){
if((atoi(port)==0) || (atoi(port)<0)){
return 21;
}
return atoi(port);
}
int main(int argc,char **argv){
printf("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
"+=========== vicFTPS v 5.0 REMOTE dos POC ;[ ===========+\n"
"+=========== Alfons Luja sp Z.0.0 ===========+\n"
"+=========== I want clear b00f not a d0s !!! ===========+\n"
"+=========== Propably 0 dAy ===========+\n"
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
if(argc<3){
printf("\nuse poc.exe IP PORT\n");
return 0;
}
int socks;
host
Metasploit
Victory FTP Server 5.0 LIST DoS
metasploit
Victory FTP Server 5.0 LIST DoS
Victory FTP Server 5.0 LIST DoS
The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command
No writeups or analysis indexed.
2009-06-08
Published