Vulnerabilities > CVE-2008-6082 - Resource Management Errors vulnerability in Southrivertech Titan FTP Server 6.26

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
southrivertech
CWE-399
nessus
exploit available
metasploit

Summary

Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.

Vulnerable Configurations

Part Description Count
Application
Southrivertech
1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Titan FTP server 6.26 build 630 Remote Denial of Service Exploit. CVE-2008-6082. DoS exploit for the Windows platform
file: exploits/windows/dos/6753.py
id: EDB-ID:6753
last seen: 2016-02-01
modified: 2008-10-14
platform: windows
port:
published: 2008-10-14
reporter: dmnt
source: https://www.exploit-db.com/download/6753/
title: Titan FTP server 6.26 build 630 - Remote Denial of Service Exploit
type: dos

Metasploit

description: The Titan FTP server v6.26 build 630 can be DoS'd by issuing "SITE WHO". A valid login is needed in order to send this command.
id: MSF:AUXILIARY/DOS/WINDOWS/FTP/TITAN626_SITE
last seen: 2020-06-12
modified: 2017-07-24
published: 2009-01-09
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6082
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/titan626_site.rb
title: Titan FTP Server 6.26.630 SITE WHO DoS

Nessus

NASL family: FTP
NASL id: TITAN_FTP_6_26_631.NASL
description: The version of Titan FTP Server installed on the remote host goes into an unstable state when it receives a 'SITE WHO' command.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 34434
published: 2008-10-16
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/34434
title: Titan FTP Server SITE WHO Command Resource Consumption DoS
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration block: when the engine loads the plugin for its metadata
# (`description` set), declare identifiers, report text, scoring and
# scheduling, then exit. No traffic is sent to the target from here.
if (description)
{
  script_id(34434);
  script_version("1.18");

  # Cross-references used to correlate this finding with other feeds.
  script_cve_id("CVE-2008-6082");
  script_bugtraq_id(31757);
  script_xref(name:"EDB-ID", value:"6753");

  script_name(english:"Titan FTP Server SITE WHO Command Resource Consumption DoS");
  # The summary names both detection modes: banner version compare, or an
  # active probe.
  script_summary(english:"Checks version in banner or sends SITE WHO");

 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is prone to a denial of service attack." );
 # NOTE(review): the text below says "unauthenticated"; some public write-ups
 # of this CVE state that a valid login is needed before the command is
 # accepted. Confirm against the affected build before relying on either claim
 # for risk rating.
 script_set_attribute(attribute:"description", value:
"The version of Titan FTP Server installed on the remote host goes into
an unstable state when it receives a 'SITE WHO' command.  An
unauthenticated, remote attacker can leverage this issue to deny
service to legitimate users." );
 script_set_attribute(attribute:"see_also", value:"http://www.southrivertech.com/products/titanftp/verhist.html" );
 # Remediation: the fixed build is also the threshold used by the banner check.
 script_set_attribute(attribute:"solution", value:
"Upgrade to Titan FTP Server version 6.26, build 631 or later." );
  # CVSS v2 base: network reachable, low complexity, no authentication,
  # availability impact only (partial).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal: proof-of-concept exploit, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
# CWE-399: resource management errors.
script_cwe_id(399);
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/16");
 script_cvs_date("Date: 2018/08/01 17:36:12");
script_set_attribute(attribute:"plugin_type", value:"remote");
# All script_set_attribute() calls precede this terminator.
script_end_attributes();


  # ACT_MIXED_ATTACK: the plugin has a passive path and an intrusive path; the
  # body picks one with safe_checks().
  script_category(ACT_MIXED_ATTACK);
  script_family(english:"FTP");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  # Presumably scheduled after FTP service detection so that a banner is
  # already recorded for the port - confirm against the dependency script.
  script_dependencies("ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/ftp", 21);

  exit(0);
}


include("global_settings.inc");
include("ftp_func.inc");


# Select the FTP port under test, falling back to 21.
port = get_ftp_port(default: 21);

# Product gate: continue only when a banner exists and it names Titan FTP.
# A missing banner or any other product ends the check without a finding.
banner = get_ftp_banner(port:port);
if (!banner) exit(0);
if (" Titan FTP Server" >!< banner) exit(0);


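# Two detection modes, chosen by the scan policy:
#   safe checks enabled  - compare the banner version with the fixed build
#                          (6.26 build 631); this branch sends nothing.
#   safe checks disabled - send the command once and watch whether the service
#                          keeps answering new sessions. A vulnerable server is
#                          left degraded by this path, so schedule it only
#                          where an outage is acceptable.
if (safe_checks())
{
  # Identify the version: the text between the product name and " Ready".
  # A banner can be edited or hidden by the operator, so a result from this
  # branch is an inference, which the report wording ("appears to be") reflects.
  version = strstr(banner, " Titan FTP Server ") - " Titan FTP Server ";
  version = version - strstr(version, " Ready");

  if (version)
  {
    # Split "major.minor.build" and compare numerically, component by component.
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);

    # NOTE(review): a banner with fewer than three components leaves ver[2]
    # unset; presumably it then compares as 0 and the host is reported - confirm.
    if (
      ver[0] < 6 ||
      (
        ver[0] == 6 &&
        (
          ver[1] < 26 ||
          (ver[1] == 26 && ver[2] < 631)
        )
      )
    )
    {
      if (report_verbosity)
      {
        version_ui = string(ver[0], ".", ver[1], " Build ", ver[2]);
        report = string(
          "\n",
          "Titan FTP ", version_ui, " appears to be running on the remote host.\n",
          "\n",
          "Note that Nessus did not actually try to exploit this issue because\n",
          "Safe Checks were enabled when the scan was run.\n"
        );
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
  }
  exit(0);
}
else
{
  # Active check.
  soc = open_sock_tcp(port);
  if (!soc) exit(1);

  # Require a greeting first. Without this baseline the service was already
  # not answering, and a later failure could not be attributed to the probe.
  s = ftp_recv_line(socket:soc);
  if (!s)
  {
    close(soc);
    exit(1);
  }

  # NOTE(review): the command is sent before any USER/PASS exchange, matching
  # the Au:N scoring. If the affected build only accepts it after login, this
  # path would under-report - confirm against a known-vulnerable lab instance.
  send(socket:soc, data: 'SITE WHO\r\n');
  # The reply is read but its content is not inspected.
  s = ftp_recv_line(socket:soc);

  # Health probe: up to five fresh sessions, one second apart. Any session
  # that yields a greeting and a reply to USER means the service survived.
  for (iter=0; iter<5; iter++)
  {
    soc2 = open_sock_tcp(port);
    if (soc2)
    {
      s = ftp_recv_line(socket:soc2);
      if (s)
      {
        # USER carries the plugin file name, which makes these sessions easy
        # to recognise as scanner traffic in the FTP server's logs.
        c = strcat('USER ', SCRIPT_NAME, '\r\n');
        send(socket:soc2, data: c);
        s = ftp_recv_line(socket:soc2);
        ftp_close(socket:soc2);
        if (s) exit(0);
      }
      # No greeting: release the connection so the check itself does not pile
      # idle sessions onto a service being tested for resource exhaustion.
      else close(soc2);
    }
    sleep(1);
  }

  # Five consecutive failures. Connection limits or filtering between scanner
  # and target produce the same symptom, so verify the service state (CPU use,
  # build number) on the host before treating this as confirmed.
  security_warning(port);
}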