Vulnerabilities > CVE-2008-5666 - Resource Management Errors vulnerability in Wftpserver Winftp FTP Server 2.3.0

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
wftpserver
CWE-399
exploit available
metasploit
NVD
Published: 2008-12-19
Updated: 2017-09-29

Summary

WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.

Vulnerable Configurations

Part Description Count
Application
Wftpserver
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionWinFTP Server 2.3.0 (NLST) Denial of Service Exploit. CVE-2008-5666. Dos exploit for windows platform
    idEDB-ID:6581
    last seen2016-02-01
    modified2008-09-26
    published2008-09-26
    reporterJulien Bedard
    sourcehttps://www.exploit-db.com/download/6581/
    titleWinFTP Server 2.3.0 NLST Denial of Service Exploit
  • descriptionWinFTP 2.3.0 (PASV mode) Remote Denial of Service Exploit. CVE-2008-5666. Dos exploit for windows platform
    fileexploits/windows/dos/6717.py
    idEDB-ID:6717
    last seen2016-02-01
    modified2008-10-09
    platformwindows
    port
    published2008-10-09
    reporterdmnt
    sourcehttps://www.exploit-db.com/download/6717/
    titleWinFTP 2.3.0 PASV mode Remote Denial of Service Exploit
    typedos

Metasploit

descriptionThis module is a very rough port of Julien Bedard's PoC. You need a valid login, but even anonymous can do it if it has permission to call NLST.
idMSF:AUXILIARY/DOS/WINDOWS/FTP/WINFTP230_NLST
last seen2020-06-13
modified2017-07-24
published2008-09-30
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5666
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb
titleWinFTP 2.3.0 NLST Denial of Service

References