Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12403
HistoryApr 25, 2006 - 12:00 a.m.

Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow

2006-04-2500:00:00
vulners.com
15
JSON

IHS Iran Homeland Security Public advisory
by : c0d3r "Kaveh Razavi" [email protected]

Title : Quick 'n Easy FTP Server pro/lite
Logging unicode stack overflow

information :

Quick 'n Easy FTP Server is a simple and handy FTP server which is
developed by Pablo van der Meer . there is a unicode overflow in the
logging process ,after enough long string sent as an argument of a
command when you go to the logging section overflow happens and
SEH gets hit .

simple exploitation :

it is a unicode overflow so any code execution wont be stable .
here is a sampe way to trigger the vulnerability :
login to the FTP Server then try :
command aaaaa < about 1100 a (0x61) here > aaaa
then in the ftp server main window go to Logging section .
the FTP Server will crash . and in the ftptrace.txt we have :
24/07/2006 20:41:53.500 Exception caught by MainExceptionHandler():
Exception : c0000005
Address : 00610061
Access Type : write
Access Address : 00000000
the amazing part is if your string was large enough the ftp server
detect overflow and prevents from any pointers overwrite .

Risk Rate : Medium

1) it is a unicode overflow , and exploitation wont be stable because
of the vulnerability's nature .
2) successful exploitation needs the admin go to the logging section .
3) it needs authentication .

workaround :

no patch , all targets are vulnerable.

Disclosure timeline :

March 26 , 2006 : vender contacted
March 27 , 2006 : vender replyed *
March 27 , 2006 : vender contacted , example provided
March 28 , 2006 : vender replyed **
March 28 , 2006 : vender contacted , C code provided to test the vuln.
March 29 , 2006 : vender replyed ***
April 25 , 2006 : public release

  • vender says I haven't applyed all the microsoft updates while I
    have and of course an overflow issue in a software is not related
    to microsoft libraries .
    ** vender is insisting that the problem is not the FTP problem and my
    box problem .
    *** I sent him a C code to check the vulnerability , he said he will
    contact me . well he didn't .

Credit :

all go to IHS team
www.ihsteam.com
www.ihsteam.net
www.c0d3r.org

greeting :

LorD and NT of IHS , Jamie of exploitdev.org ,
other friends of mine in www.underground.ir

JSON