what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Vermillion FTP Daemon PORT Command Memory Corruption
Posted Feb 10, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending an specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source ptr (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the the destination pointer. If an ascii digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using "vftpd.exe install". If so, the service does not restart automatically, giving an attacker only one attempt.

tags | exploit, arbitrary
MD5 | 0dbcd2c3469f1061e7b7ab3d2f7daa4c
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
Posted Sep 12, 2019

tags | headline, hacker, privacy, phone
Major Fraud Scheme Exposed By Insecure Database
Posted Sep 12, 2019

tags | headline, database, cybercrime, fraud
UNICEF Leaks Personal Data Of 8,000 Users Via Email Blunder
Posted Sep 12, 2019

tags | headline, privacy, email, data loss
Fin7 Operator Pleads Guilty To Two Counts
Posted Sep 12, 2019

tags | headline, malware, cybercrime, fraud
Weakness In Intel Chips Lets Researchers Steal Encrypted SSH Keystrokes
Posted Sep 11, 2019

tags | headline, privacy, flaw, password, cryptography, intel
Suspected Commonwealth Games DDoS Was Only A Fortnite Update
Posted Sep 11, 2019

tags | headline, denial of service
Secret Service Probing Breach At Federal IT Contractor
Posted Sep 11, 2019

tags | headline, hacker, government, usa
281 People Indicted In Massive Email Fraud Scheme
Posted Sep 11, 2019

tags | headline, government, email, usa, cybercrime, fraud, fbi
The Cyberwar In Yemen
Posted Sep 10, 2019

tags | headline, cyberwar, yemen
Ransomware Disrupts Illinois School District's Systems
Posted Sep 10, 2019

tags | headline, government, malware, usa, fraud, cryptography
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close