New vulnerability in PowerFTP Personal FTP Server

by Nikola Strahija on October 9th, 2002

PowerFTP Personal FTP Server is a multithreaded FTP server for the MS Windows OS by Cooolsoft. PowerFTPd is available from the vendor's website: http://www.cooolsoft.com


A vulnerability has been found in PowerFTP that allows a
remote user (any user) to shut down the FTP server (tested
on v 2.24).
Cooolsoft was alerted (05/10/2002) and there has been no
response until now.
1 - By opening a telnet session to the FTP server and
sending a buffer we can crash the server:
telnet 127.0.0.1 21
[banner..]
AAA(buffer)
The server is down.
2 - An exploit has been written based on another
vulnerability... I am still looking for a possibility to exploit this
fault differently.
You can download and test my exploit:
http://www.securma.fr.fm/PFDOS.ZIP
When the attack is launched, the following message
appears:
L exeption Exeption logicielle inconnue (0x0eedfade) ext
produite dans application a emplacement 0x77e7f142

Exeption EFtpCtrlsocketexeption in module FTPServer.exe at
00059DE6. Data in buffer , cant change size

This was tested against PowerFTP Personal FTP Server v2.24
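A defensive sketch for the first issue above, added here as an example and not part of the original advisory or the vendor's code: a guard that a fronting proxy could apply to client bytes on the FTP control connection, refusing oversized or unterminated input before it reaches a fragile server. The class name `ControlLineGuard`, the 512-byte limit and the sample inputs are assumptions; the advisory does not state the buffer length that triggers the crash.

```python
import re

MAX_LINE = 512  # assumed policy limit; the advisory gives no crashing length
VERB = re.compile(rb"^[A-Za-z]{3,4}( |$)")  # FTP verbs are 3-4 letters (RFC 959)


class ControlLineGuard:
    """Incrementally screens client bytes on an FTP control connection."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = b""
        self.rejected = None  # reason string once the session is refused

    def feed(self, chunk):
        """Return complete, well-formed command lines from this chunk.

        Sets self.rejected (and stops forwarding) on overlong, malformed
        or unterminated input.
        """
        if self.rejected:
            return []
        self.buf += chunk
        lines = []
        while True:
            idx = self.buf.find(b"\n")
            if idx < 0:
                break
            line, self.buf = self.buf[:idx].rstrip(b"\r"), self.buf[idx + 1:]
            if len(line) > self.max_line:
                self.rejected = "overlong command line (%d bytes)" % len(line)
                break
            if not VERB.match(line):
                self.rejected = "not an FTP command: %r" % line[:16]
                break
            lines.append(line)
        # Data piling up with no line terminator: refuse it rather than
        # letting it accumulate in (or be forwarded to) the server.
        if not self.rejected and len(self.buf) > self.max_line:
            self.rejected = "unterminated data (%d bytes)" % len(self.buf)
        if self.rejected:
            self.buf = b""
        return lines
```

Once `rejected` is set the proxy should close the client connection and log the reason together with the source address.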
