Enceladus Server Suite FTP Command Buffer Overflows Let Remote Authenticated Users Crash the FTP Service
SecurityTracker Alert ID: 1007701
CVE Reference: GENERIC-MAP-NOMATCH
Date: Sep 14 2003
Impact: Denial of service via network
Exploit Included: Yes
Version(s): 4.0b
Description: Several buffer overflow vulnerabilities were reported in Enceladus Server Suite. A remote authenticated user (including an anonymous FTP user) can cause the target FTP service to crash.
Dr_insane reported that a remote user can connect to the FTP service, authenticate, and send various commands to trigger the buffer overflows and cause the FTP service to crash.
Some demonstration exploit commands are provided:
CWD 344 * A
Stat 340 * A
mkd 270 * A
xmkd 270 * A
rmd 270 * A
nlst 340 * A
It is reported that a specially crafted NLST command will also cause the included HTTP daemon to crash.
Impact: A remote authenticated user can cause the FTP service and the HTTP service to crash.
Solution: No solution was available at the time of this entry.
Vendor URL: www.mollensoft.com/product3.htm
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: dr_insane@pathfinder.gr
Message History:
None.

Source Message Contents
Date: Sun, 14 Sep 2003 05:00:54 +0300
From: "=?windows-1253?B?w+nc7e3n8iDQ7+z+7efy?=" <dr_insane@pathfinder.gr>
Subject: [0day] dr_insane||Enceladus Server suite 4.0b Security Advisory
------------------------------------------------------------------
Enceladus Server suite 4.0b Security Advisory
------------------------------------------------------------------
-= by Dr_insane (dr_insane@pathfinder.gr) =-
Product:
--------
Enceladus Server suite 4.0b
Vulnerability(s):
----------------
1. Multiple buffer overflows
2. Passwords are stored in clear text
Description of product:
-----------------------
Enceladus Server Suite is an Intranet lightweight Web and FTP Server for Windows,
provides file sharing on any network! Perfect for Home Network Use, Small business
and Personal Intranet Use. You don't have to be an expert to setup file sharing or
run your own web site and FTP Server!! This Server Suite is One of the Easiest To
Install and Operate!
Enceladus Server Suite is a package that contains a web and an ftp server. Many buffer overflows
were found on the ftp server that allow you to crash the ftp server or execute arbitrary code. Moreover, passwords
are stored in clear text.
VULNERABILITY / EXPLOIT
======================
1. Multiple buffer overflows
By connecting on the ftp and supplying a big command the ftp server will stop responding.
CWD 344 * A
overflow..crash...
Stat 340 * A
overflow..crash...
mkd 270 * A
overflow..crash...
xmkd 270 * A
overflow..crash...
rmd 270 * A
overflow..crash...
nlst 340 * A
overflow..crash...
After giving this command even the HTTP server will crash:)
2. Passwords are stored in clear text
A vulnerability has been identified in Enceladus Server suite allowing malicious, local users to see usernames and passwords.
The problem is that usernames and passwords for the server are stored in clear text in the folder " users".
For example if we open the file 'root' we will get:
fo059ht23
c:\enceladus\html\downloads
Yes
'fo059ht23' is the password.
Local:
------
Yes
Remote:
-------
We can crash the whole thing via remote!
Credits:
--------
Dr_insane
dr_insane@pathfinder.gr , dr_insane@hack.gr
Http://members.lycos.co.uk/r34ct/
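
The alert lists the cause as a boundary error in FTP command handling. The following is an added example, not code from Enceladus Server Suite or from the advisory: a command-line parser that checks lengths before copying into fixed-size fields and rejects oversized arguments. The names `ftp_parse_command` and `struct ftp_cmd` and the 255-byte argument limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_VERB_MAX 4    /* RFC 959 verbs are at most four letters (XMKD, NLST) */
#define FTP_ARG_MAX  255  /* assumed policy limit, below the 270-byte case above */

enum ftp_status { FTP_OK = 0, FTP_BAD_SYNTAX = 500, FTP_ARG_TOO_LONG = 501 };
struct ftp_cmd {
    char verb[FTP_VERB_MAX + 1];
    char arg[FTP_ARG_MAX + 1];
};

/* Parse one control-channel line of len bytes (need not be NUL-terminated).
 * Lengths are checked before every write into the fixed-size fields. */
enum ftp_status ftp_parse_command(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, alen;
    memset(out, 0, sizeof *out);              /* fields stay NUL-terminated */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                /* drop the trailing CRLF */
    /* Verb: 1..FTP_VERB_MAX letters, upper-cased for dispatch. */
    while (vlen < len && line[vlen] != ' ') {
        if (vlen == FTP_VERB_MAX || !isalpha((unsigned char)line[vlen]))
            return FTP_BAD_SYNTAX;
        out->verb[vlen] = (char)toupper((unsigned char)line[vlen]);
        vlen++;
    }
    if (vlen == 0)
        return FTP_BAD_SYNTAX;

    /* Argument: everything after the separating space. Reject, never truncate. */
    alen = (vlen < len) ? len - vlen - 1 : 0;
    if (alen > FTP_ARG_MAX)
        return FTP_ARG_TOO_LONG;
    if (alen > 0)
        memcpy(out->arg, line + vlen + 1, alen);
    return FTP_OK;
}

int main(void)
{
    char line[4 + 344];                       /* constructed sample: "CWD " + 344 x 'A' */
    struct ftp_cmd cmd;
    memcpy(line, "CWD ", 4);
    memset(line + 4, 'A', 344);
    printf("%d\n", ftp_parse_command(line, sizeof line, &cmd));
    return 0;
}
```

The return values reuse the FTP reply codes 500 and 501, so a server or filtering proxy can send them back directly instead of passing the line on.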