Nmap Development mailing list archives

[NSE] Check for CVE-2010-4221 - ProFTPD Server stack overflow
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 30 Jun 2011 17:44:58 +0100


Please find attached a script that checks for the ProFTPD Telnet IAC
stack overflow CVE-2010-4221 [1]. The script will send some Telnet IAC
sequences in order to cause the proftpd child to miscalculate the buffer
length and to corrupt stack data. Exploitation is possible by chaining
ret2libc or ret2code calls (ROP); you can find the Metasploit module for
this in the references.
The evil packet should be able to corrupt the stack of proftpd on
different platforms.

To test the script you need to apply the second patch to ftp.lua library.

After more tests I'll commit it tomorrow, thanks.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221


Attachment: ftp-vuln-cve2010-4221.nse

Attachment: ftp.lua.diff
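A defender-side companion to the check described above, added here as an example and not part of the posted script or the ftp.lua patch: ordinary FTP clients send printable ASCII command lines, so a control-channel capture in which a command carries Telnet IAC (0xFF) sequences is worth alerting on. The sample capture below is constructed; the function names and the `max_iac` threshold are this example's own choices.

```python
# Flag Telnet IAC (0xFF) bytes on an FTP control channel. Ordinary FTP
# clients send printable ASCII commands, so IAC sequences are anomalous.
IAC = 0xFF
# Telnet command bytes that may follow IAC (RFC 854); IAC IAC is an escaped 0xFF.
TELNET_CMDS = {
    0xF0: "SE", 0xF1: "NOP", 0xF2: "DM", 0xF3: "BRK", 0xF4: "IP", 0xF5: "AO",
    0xF6: "AYT", 0xF7: "EC", 0xF8: "EL", 0xF9: "GA", 0xFA: "SB", 0xFB: "WILL",
    0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT", 0xFF: "IAC",
}


def iac_sequences(line: bytes):
    """Return (offset, telnet command name) for every IAC in one command line."""
    found, i = [], 0
    while i < len(line):
        if line[i] == IAC:
            nxt = line[i + 1] if i + 1 < len(line) else None
            found.append((i, TELNET_CMDS.get(nxt, "UNKNOWN")))
            i += 2  # IAC consumes the following command byte as well
        else:
            i += 1
    return found


def scan_capture(stream: bytes, max_iac: int = 0):
    """Split a raw capture on CRLF and report commands with more than max_iac IACs."""
    findings = []
    for idx, line in enumerate(stream.split(b"\r\n")):
        seqs = iac_sequences(line)
        if seqs and len(seqs) > max_iac:
            findings.append({
                "index": idx,
                "length": len(line),
                "iac_count": len(seqs),
                "commands": sorted({name for _, name in seqs}),
            })
    return findings


# Constructed sample capture: a normal session plus one command padded with
# repeated IAC NOP pairs (synthetic data, not a real exploit payload).
SAMPLE = (b"USER anonymous\r\nPASS guest@example.com\r\nPWD\r\n"
          + b"USER " + b"\xff\xf1" * 40 + b"\r\n"
          + b"QUIT\r\n")

if __name__ == "__main__":
    for finding in scan_capture(SAMPLE):
        print(finding)
```

Feed it the client-to-server bytes of a captured FTP session; the `commands` field tells you which Telnet verbs were used, and a command with many IACs and an unusual `length` is the pattern to escalate on.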

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
