Nmap Development mailing list archives

[NSE] Check for CVE-2010-4221 - ProFTPD Server stack overflow
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 30 Jun 2011 17:44:58 +0100

Hi,

Please find attached a script that checks for the ProFTPD Telnet IAC
stack overflow CVE-2010-4221 [1]. The script will send some Telnet IAC
sequences in order to cause the proftpd child to miscalculate the buffer
length and to corrupt stack data. Exploitation is possible by chaining
ret2libc or ret2code calls (ROP); you can find the Metasploit module for
this in the references.
The evil packet should be able to corrupt the stack of proftpd on
different platforms.

To test the script you need to apply the second patch to ftp.lua library.

After more tests I'll commit it tomorrow, thanks.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221

-- 
tixxdz
http://opendz.org

Attachment: ftp-vuln-cve2010-4221.nse
Description:

Attachment: ftp.lua.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
