Exploit Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20946
Проверка EDB
  1. Пройдено
Автор
CARTEL
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2001-0702
Дата публикации
2001-06-21
Код:
source: https://www.securityfocus.com/bid/2901/info

erberus FTP Server is a free, multi-threaded file transfer utility for Microsoft Windows systems.

There is a buffer overflow in Cerberus FTP Server. The problem occurs when a user is attempting to authenticate. If the login fields(username, password) are filled with an excessive amount of characters(300+) then the affected service will crash. The FTP Server software will need to be restarted to regain normal functionality.

It has also been reported that entering an excessive amount of characters in just the password field will acheive the same result.

Due to the fact that the problem stems from a buffer overflow, there is a possibility that arbitrary code may be executed on the vulnerable host.

This vulnerability does not require any user authentication to exploit. It may be possible for remote users to cause a denial of service or execute arbitrary code on target hosts. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20946.exe
 
Источник
www.exploit-db.com

Похожие темы