what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PSFTP 1.8 Build 921 Denial Of Service

PSFTP 1.8 Build 921 Denial Of Service
Posted Apr 23, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 6cedf29fc659f2cd0c64391437f038105fadb2a16b9f4d6f8e7ae6eccd68b0da

PSFTP 1.8 Build 921 Denial Of Service

Change Mirror Download
Title:
======
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability


Date:
=====
2012-04-23


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=523


VL-ID:
=====
523


Introduction:
=============
PSFtp ist eine benutzerfreundliche, ergonomische, kompakte und zuverlässige FTP Client Software mit einem großen
Funktionsumfang. Was ist ein FTP Client? Das ist ein Programm (einige nennen es auch einfach ein FTP Programm), welches
mit einem Dateimanager vergleichbar ist. Nur greift es nicht etwa auf eine andere Partition oder ein anderes Laufwerk zu,
sondern auf einen Rechner im Internet - auf einen FTP Server. Ein FTP Client eignet sich bestens für die Homepage-Pflege
(natürlich nicht nur dafür). Sie können z.B. Ihre Homepage-Dateien leicht auf einen FTP Server hochladen (engl. Upload)
oder auch irgendwelche Dateien herunterladen (engl. Download).

(Copy of the Vendor Homepage: http://www.psftp.de/index.php )


Abstract:
=========
The Vulnerability Laboratory Researcher Team discovered Null Pointer Dereference (DoS) Vulnerability in PSFTP v.1.8 Build 921.


Report-Timeline:
================
2012-04-23: Public or Non-Public Disclosure


Status:
========
Published


Exploitation-Technique:
=======================
Local


Severity:
=========
Medium


Details:
========
A Null Pointer Dereference (DoS) Vulnerability is detected in PSFTP v.1.8 Build 921. The vulnerability allows an
local privileged user to crash down the service with a persistent effect(stable). The bug is located when processing
to load large unicode keys over the license management box of the psftp client software. The inserted unicode or numeric
string got saved on the PSFTP_Key.dat which results in the stable null pointer dereference crash after the software restart.
Successful exploitation results in a stable (bex exception) application (StackHash_e98d) crash.

Vulnerable Module(s):
[+] PSFTP_Key


--- Windows Error Reports ---
Version=1
EventType=BEX
EventTime=129792568365093863
ReportType=2
Consent=1
ReportIdentifier=79865f7e-899a-11e1-98b1-a88e8292e5db
IntegratorReportIdentifier=79865f7d-899a-11e1-98b1-a88e8292e5db
WOW64=1
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=PSFtp.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=1.8.1.921
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=2a425e19
Sig[3].Name=Fehlermodulname
Sig[3].Value=StackHash_e98d
Sig[4].Name=Fehlermodulversion
Sig[4].Value=0.0.0.0
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=00000000
Sig[6].Name=Ausnahmeoffset
Sig[6].Value=00000000
Sig[7].Name=Ausnahmecode
Sig[7].Value=c0000005
Sig[8].Name=Ausnahmedaten
Sig[8].Value=00000008
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=e98d
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=e98dfca8bcf81bc1740adb135579ad53
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=6eab
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=6eabdd9e0dc94904be3b39a1c0583635
UI[2]=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe
UI[3]=PSFtp - FTP FTPS SFTP Client funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
LoadedModule[0]=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe
LoadedModule[1]=C:\\\\Windows\\\\SysWOW64\\\\ntdll.dll
LoadedModule[2]=C:\\\\Windows\\\\syswow64\\\\kernel32.dll
... ... ...
LoadedModule[30]=C:\\\\Windows\\\\system32\\\\wsock32.dll
LoadedModule[31]=C:\\\\Windows\\\\syswow64\\\\WS2_32.dll
LoadedModule[32]=C:\\\\Windows\\\\syswow64\\\\NSI.dll
LoadedModule[33]=C:\\\\Windows\\\\system32\\\\hhctrl.ocx
LoadedModule[34]=C:\\\\Windows\\\\system32\\\\IMM32.DLL
LoadedModule[35]=C:\\\\Windows\\\\syswow64\\\\MSCTF.dll
LoadedModule[36]=C:\\\\Windows\\\\system32\\\\uxtheme.dll
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=BEX
AppName=PSFtp - FTP FTPS SFTP Client
AppPath=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe




Picture(s):
../1.png
../2.png


Risk:
=====
The security risk of the null pointer (dos) vulnerability is estimated as medium(-).


Credits:
========
Vulnerability Laboratory [Research Team] - N/A Anonymous


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 Vulnerability-Lab




--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    38 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close