CVE-2011-0762 VSFTPD DOS attack #18004
Thanks for your pull request! Before this pull request can be merged, it must pass the checks of our automated linting tools. We use Rubocop and msftidy to ensure the quality of our code. This can be run from the root directory of Metasploit:
You can automate most of these changes with the
Please update your branch after these have been made, and reach out if you have any problems.
So I've tested the module and it works now. So is anything missing for merging?
If anyone is wanting to test this easily. Here's a dockerfile to make an image of the application data

```dockerfile
FROM archlinux:latest as build
# Toolchain and libnsl needed to compile vsftpd from source
RUN pacman -Sy --noconfirm gcc make libnsl
RUN curl -O https://security.appspot.com/downloads/vsftpd-2.3.2.tar.gz
RUN tar zxf vsftpd-2.3.2.tar.gz
WORKDIR /vsftpd-2.3.2
RUN make
# Empty directory vsftpd uses as its default secure chroot
RUN mkdir -p /usr/share/empty/
RUN chmod +x /vsftpd-2.3.2/vsftpd
RUN mv /vsftpd-2.3.2/vsftpd /bin/vsftpd
# Install the sample config shipped in the tarball, owned by root
RUN mv /vsftpd-2.3.2/vsftpd.conf /etc/vsftpd.conf
RUN chown root:root /etc/vsftpd.conf
EXPOSE 21
CMD [ "/bin/vsftpd" ]
```
Thank you for this! I just got this working and was just about to suggest adding similar steps to the vulnerable application section in the documentation. I'll add a suggestion to the docs with this dockerfile, very nice and concise.
Anything left before we're ready to launch?
One last nit pick @rad10 - I know msf_tidy doesn't pick this up as being incorrect and there are multiple different ways of listing module options in the codebase. However we're moving towards the following pattern: metasploit-framework/documentation/modules/auxiliary/admin/dcerpc/icpr_cert.md Lines 13 to 38 in fa6d168
Where each module option is a subtitle of
Final testing with latest changes:
Release Notes
This PR adds an auxiliary for DOSing a VSFTPD server from version 2.3.2 and below.
Vulnerable Application
This is an auxiliary for DOSing a VSFTPD server from version 2.3.3 and below.
Verification Steps
msfconsole
use auxiliary/dos/ftp/vsftpd_232
set rhosts
set ftpuser
set ftppass
run
Scenarios
VSFTPD 2.3.2 - Arch Linux