BolinTech Dream FTP Server FTP Command Format String Vulnerability
BID: 9800
Info
| Bugtraq ID: | 9800 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-2074 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2004 12:00AM |
| Updated: | Jan 30 2008 09:47PM |
| Credit: | Discovery of this vulnerability has been credited to "intuit" <[email protected]>. |
| Vulnerable: | BolinTech Dream FTP Server 1.0 2 |
| Not Vulnerable: | |
Discussion
Dream FTP Server is prone to a remote format-string vulnerability: client-supplied FTP command arguments are handled as a format string, so a malicious request from a client can introduce conversion directives such as %n.
Exploiting this issue could allow an attacker to crash the server and possibly to execute arbitrary code on the system hosting the server. Any such code would run in the security context of the server process.
Exploit / POC
The following examples have been supplied:
user %n
pass %n
retr %n
...
and just "%n" on the command line.
Exploit code for this issue is also available as a module from the Metasploit Framework.
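The pattern behind this bug class, as an added example (not BolinTech's code and not taken from Dream FTP Server's source, whose internals the advisory does not show): a hypothetical command-logging routine in its vulnerable form, where the client's line is used as the format string and a request like "user %n" is interpreted rather than printed, beside the fixed form that passes the line through a constant "%s" format. It also includes a check, `has_format_directive` (an assumed helper name), that flags received lines containing a bare '%', which is the signal a defender would watch for in FTP server logs or an inbound filter.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not BolinTech code. A server that logs the FTP
 * command line it received, shown in the vulnerable and the fixed form,
 * plus a check a defender can run over received lines or log entries. */

/* VULNERABLE: the client-controlled line is used as the format string, so
 * a command such as "user %n" makes the C library interpret %n (a write to
 * memory) instead of printing it. Kept only to show the pattern; never
 * called in this example. */
void log_command_vulnerable(FILE *out, const char *line)
{
    fprintf(out, line);   /* BUG: format string comes from the network */
}

/* FIXED: the line is passed as an argument to a constant "%s" format, so
 * any % sequences it contains are copied literally. Returns the number of
 * characters the full message needs (snprintf semantics). */
int log_command_fixed(char *dst, size_t dstlen, const char *line)
{
    return snprintf(dst, dstlen, "cmd: %s", line);
}

/* Detection heuristic: true when a received line contains a '%' that is
 * not an escaped "%%" (a lone trailing '%' also counts). Legitimate FTP
 * commands almost never contain one, so a hit is worth alerting on. */
bool has_format_directive(const char *line)
{
    for (const char *p = line; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* literal percent, skip the pair */
            p++;
            continue;
        }
        return true;
    }
    return false;
}

/* Build a one-line alert for a suspicious command. Returns the number of
 * characters written to dst (excluding the NUL), or -1 if the line is benign. */
int flag_suspicious_command(char *dst, size_t dstlen,
                            const char *client, const char *line)
{
    if (!has_format_directive(line))
        return -1;
    return snprintf(dst, dstlen, "ALERT %s sent format directive in: %s",
                    client, line);
}

int main(void)
{
    /* constructed sample lines, modelled on the advisory's PoC strings */
    const char *samples[] = { "USER anonymous", "user %n", "pass %n", "%n" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_command_fixed(buf, sizeof buf, samples[i]);
        printf("%s -> %s\n", buf,
               has_format_directive(samples[i]) ? "SUSPICIOUS" : "ok");
    }
    return 0;
}
```

Running the block prints each constructed line through the fixed logger, showing that "%n" survives as literal text, and marks the three PoC-style lines as suspicious while the ordinary USER command passes.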
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Dream FTP Server Homepage (BolinTech)