CVE-2011-0507

Blackmoon FTP Server 3.1 Build 1735-1736 - Denial of Service via PORT Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0507. PoCs published by Craig Freyman.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in BlackmoonFTP Server by sending a malformed PORT command with an oversized buffer. The repeated connections aim to crash the service.

Description

FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Craig Freyman · pythondoswindows

https://www.exploit-db.com/exploits/15986

View Code ZIP pw:eip

This exploit triggers a denial-of-service (DoS) in BlackmoonFTP Server by sending a malformed PORT command with an oversized buffer. The repeated connections aim to crash the service.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: BlackmoonFTP Server 3.1 Release 6 - Build 1735 and 1736

No auth needed

Prerequisites: Network access to the target FTP server

MITRE ATT&CK