Sami FTP Server Bug in Processing Username/Password Data Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016031|
SecurityTracker URL: http://securitytracker.com/id/1016031
(Links to External Site)
Updated: Dec 4 2009|
Original Entry Date: May 4 2006
Execution of arbitrary code via network, User access via network|
Exploit Included: Yes |
Version(s): 2.0.2 and prior versions|
A vulnerability was reported in Sami FTP Server. A remote user can execute arbitrary code on the target system.|
The software does not properly validate the username and password input. A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Muhammad Ahmed Siddiqui discovered this vulnerability.
A remote user can execute arbitrary code on the target system.|
No solution was available at the time of this entry.|
Vendor URL: www.karjasoft.com/samiftp (Links to External Site)
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow|
REWTERZ-20060504 - Sami FTP Server Remote Buffer Overflow Vulnerability
May 4, 2006
High (Remote Code Execution)
Sami FTP Server v2.0.2 and before
Operating Systems Affected:
Windows NT 4.0
Windows 98 / ME
rewterz has discovered a critical vulnerability in Sami FTP Server. This vulnerability may allow a remote attacker to overwrite memory
with user controlled data and execute arbitrary code in the context of the user who executed the Sami FTP Server.
This vulnerability exists in the handling of both username and password input provided by the user while making connection to FTP
server. We chose not to provide detailed information about the location of the vulnerability and how to reproduce it because the
author hasn't confirmed this vulnerability. We can pass a long argument with some commands into a buffer. There is no checking of
the length of these inputs. Depending on the input, this will cause exploitable condition.
We have confirmed the ability to execute our own code. This is a common buffer overflow vulnerability and can be exploited easily.
Discovery: Muhammad Ahmed Siddiqui
Copyright (c) 2003-2006 rewterz
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express
consent of rewterz.
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition.
There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct
or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information
is at the user's own risk.