Home page logo

bugtraq logo Bugtraq mailing list archives

new vulnerability inPowerFTP Personal FTP Server
From: securma massine <securma () caramail com>
Date: Wed, 09 Oct 2002 16:21:53 GMT+1

PowerFTP Personal FTP Server is a multithreaded FTP server
for the MS Windows OS by Cooolsoft.

The PowerFTPd is available from vendor Cooolsoft's website:
I found a vulnerability has PowerFTP that allows a 
remote user--any user--to shut down the ftp server (tested 
on v 2.24)
I alerted coolsoft (05/10/2002) and as I did not have a 
response until A now
 1 - by opening a session telnet towards server ftp and 
sending a buffer we can crash th server
telnet 21
the server is down
2- I realised an exploit being based on another 
vulnerability... I still seek possibility to exploit this 
fault differently. 
you can download and test my exploit 
when the attack is launched there is the following 
L exeption Exeption logicielle inconnue (0x0eedfade) s'ext 
produite dans l'application a l'emplacement 0x77e7f142

Exeption EFtpCtrlsocketexeption in module FTPServer.exe at 
00059DE6. Data in buffer , cant change size

This was tested against PowerFTP Personal FTP Server v2.24

securma () caramail com

Envoyez des messages musicaux sur le portable de vos amis 

  By Date           By Thread  

Current thread:
  • new vulnerability inPowerFTP Personal FTP Server securma massine (Oct 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]