Dragoon_BPM
http://xforce.iss.net/xforce/alerts/id/154
QUOTE

Impact:
An attacker capable of uploading files to the vulnerable system can
trigger a buffer overflow and execute arbitrary code to gain complete
control of the system. Attackers may use this vulnerability to destroy,
steal, or manipulate data on vulnerable FTP sites.

Affected Versions:
ProFTPD 1.2.7
ProFTPD 1.2.8
ProFTPD 1.2.8rc1
ProFTPD 1.2.8rc2
ProFTPD 1.2.9rc1
ProFTPD 1.2.9rc2

Description:
A vulnerability exists in the ProFTPD server that can be triggered by
remote attackers when transferring files from the FTP server in ASCII
mode. The attacker must have the ability to upload a file to the server,
and then attempt to download the same file to trigger the vulnerability.

The vulnerability occurs when a file is being transferred in ASCII mode.
During a transfer of this type, file data is examined in 1024 byte chunks
to check for newline (\n) characters. The translation of these newline
characters is not handled correctly, and a buffer overflow can manifest if
ProFTPD parses a specially crafted file.

The ProFTPD daemon makes an effort to drop superuser privileges to limit
the privilege level associated with any successful attack. However,
X-Force has demonstrated that this security check can be bypassed, and
superuser access can be gained by a remote attacker.


Does anyone have info on this?
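
The advisory quoted above describes ASCII-mode file data being examined in 1024-byte chunks for newline characters. As an added example (not part of the thread and not ProFTPD's code), this is a bounds-checked LF-to-CRLF translator in C; the function names and the carry flag are hypothetical, and it assumes the standard FTP ASCII-mode translation of bare LF to CRLF.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 1024              /* chunk size named in the advisory */
#define XLATE_ERR ((size_t)-1)  /* returned when out[] is too small */

/* Hypothetical helper: copy in[] to out[], turning bare LF into CRLF.
 * *prev_cr carries "last byte was CR" across chunks, so a CRLF pair
 * split over two chunks is not expanded to CR CR LF. */
size_t ascii_xlate(const unsigned char *in, size_t in_len,
                   unsigned char *out, size_t out_cap, int *prev_cr)
{
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        int add_cr = (c == '\n' && !*prev_cr);
        if (out_cap - o < (size_t)(add_cr ? 2 : 1))
            return XLATE_ERR;   /* checked before every write */
        if (add_cr)
            out[o++] = '\r';
        out[o++] = c;
        *prev_cr = (c == '\r');
    }
    return o;
}

/* Constructed worst case: a chunk of nothing but LF doubles in size. */
size_t xlate_all_lf(size_t out_cap)
{
    unsigned char in[CHUNK], out[2 * CHUNK];
    int prev_cr = 0;
    memset(in, '\n', sizeof in);
    if (out_cap > sizeof out) out_cap = sizeof out;
    return ascii_xlate(in, sizeof in, out, out_cap, &prev_cr);
}

/* Constructed input: "a\r" then "\nb", a CRLF split across two chunks. */
size_t xlate_split_crlf(void)
{
    unsigned char out[8];
    int prev_cr = 0;
    size_t n = ascii_xlate((const unsigned char *)"a\r", 2, out, sizeof out, &prev_cr);
    return n + ascii_xlate((const unsigned char *)"\nb", 2, out + n, sizeof out - n, &prev_cr);
}

int main(void)
{
    printf("%zu %zu %zu\n", xlate_all_lf(2 * CHUNK), xlate_all_lf(CHUNK), xlate_split_crlf());
    return 0;
}
```

An output buffer of twice the chunk size covers the worst case, and the per-write check makes an undersized buffer fail with an error instead of writing past its end.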
Kpz
QUOTE (Dragoon_BPM @ Sep 23 2003, 06:35 PM)
Does anyone have info on this?

...or want to share POC code?
The watcher
No info, sorry :/ but it looks very interesting if you actually have the right to upload on those FTP servers...
soulrider
The exploit is out. Needs to be modified but runs well.
-> http://www.k-otik.com/exploits/10.04.proft...pd_xforce.c.php
GaLiaRePt
QUOTE (soulrider @ Oct 4 2003, 06:42 PM)
The exploit is out. Needs to be modified but runs well.
-> http://www.k-otik.com/exploits/10.04.proft...pd_xforce.c.php

Hey dude! That exploit has been posted on http://forums.governmentsecurity.org/index...?showtopic=3109 since Oct 2 2003.