Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (File Transfer/Sharing)  >   Sami FTP Server Vendors:   KarjaSoft
Sami FTP Server Bug in Processing Username/Password Data Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016031
SecurityTracker URL:
CVE Reference:   CVE-2006-2212   (Links to External Site)
Updated:  Dec 4 2009
Original Entry Date:  May 4 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 2.0.2 and prior versions
Description:   A vulnerability was reported in Sami FTP Server. A remote user can execute arbitrary code on the target system.

The software does not properly validate the username and password input. A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Muhammad Ahmed Siddiqui discovered this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow

REWTERZ-20060504 - Sami FTP Server Remote Buffer Overflow Vulnerability

Release Date:
May 4, 2006

High (Remote Code Execution)


Software Affected:
Sami FTP Server v2.0.2 and before

Operating Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000
Windows XP
Windows 2003

rewterz has discovered a critical vulnerability in Sami FTP Server. This vulnerability may allow a remote attacker to overwrite memory
 with user controlled data and execute arbitrary code in the context of the user who executed the Sami FTP Server.

Technical Details:
This vulnerability exists in the handling of both username and password input provided by the user while making connection to FTP
 server. We chose not to provide detailed information about the location of the vulnerability and how to reproduce it because the
 author hasn't confirmed this vulnerability. We can pass a long argument with some commands into a buffer. There is no checking of
 the length of these inputs. Depending on the input, this will cause exploitable condition.

We have confirmed the ability to execute our own code. This is a common buffer overflow vulnerability and can be exploited easily.

Discovery: Muhammad Ahmed Siddiqui


Copyright (c) 2003-2006 rewterz
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express
 consent of rewterz.

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition.
 There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct
 or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information
 is at the user's own risk.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC