ID CVE-2008-5666
Summary WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
References
Vulnerable Configurations
  • cpe:2.3:a:wftpserver:winftp_ftp_server:2.3.0
    cpe:2.3:a:wftpserver:winftp_ftp_server:2.3.0
CVSS
Base: 3.5 (as of 19-12-2008 - 09:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
  • description WinFTP Server 2.3.0 (NLST) Denial of Service Exploit. CVE-2008-5666. Dos exploit for windows platform
    id EDB-ID:6581
    last seen 2016-02-01
    modified 2008-09-26
    published 2008-09-26
    reporter Julien Bedard
    source https://www.exploit-db.com/download/6581/
    title WinFTP Server 2.3.0 NLST Denial of Service Exploit
  • description WinFTP 2.3.0 (PASV mode) Remote Denial of Service Exploit. CVE-2008-5666. Dos exploit for windows platform
    file exploits/windows/dos/6717.py
    id EDB-ID:6717
    last seen 2016-02-01
    modified 2008-10-09
    platform windows
    port
    published 2008-10-09
    reporter dmnt
    source https://www.exploit-db.com/download/6717/
    title WinFTP 2.3.0 PASV mode Remote Denial of Service Exploit
    type dos
metasploit via4
description This module is a very rough port of Julien Bedard's PoC. You need a valid login, but even anonymous can do it if it has permission to call NLST.
id MSF:AUXILIARY/DOS/WINDOWS/FTP/WINFTP230_NLST
last seen 2019-03-26
modified 2017-07-24
published 2008-09-30
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb
title WinFTP 2.3.0 NLST Denial of Service
refmap via4
exploit-db 6717
sectrack 1021040
secunia 32209
sreason 4785
vupen ADV-2008-2801
xf winftpserver-nlst-dos(45806)
Last major update 07-03-2011 - 22:14
Published 18-12-2008 - 20:52
Last modified 28-09-2017 - 21:32
Back to Top