Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC)

EDB-ID:

20946


Author:

Cartel

Type:

dos


Platform:

Windows

Date:

2001-06-21


source: https://www.securityfocus.com/bid/2901/info

erberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems.

There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields(username, password) are filled with an excessive amount of characters(300+) then the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality.

It has also been reported that entering an excessive amount of characters in just the password field will acheive the same result.

Due to the fact that the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host.

This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20946.exe