Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC

Title: Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
Advisory ID: ZSL-2008-4898
Type: Remote
Impact: DoS, Information Disclosure
Risk: (4/5)
Release Date: 17.09.2008
Summary
Femitter Server is an easy-to-use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues.
Description
Femitter HTTP/FTP 1.03 suffers from an information disclosure and denial of service vulnerability that causes the application to crash. When the RETR command is sent an argument such as AAAA:AAAA or an overly long string of As (1024), the server crashes instantly. Also, typing ftp://127.0.0.1/\.. into a browser traverses to the install folder of the program (CWD), and browsing to ftp://127.0.0.1/\..\/\..\ produces an access violation at address 004A218A in module "fem.exe", write of address 00000000.
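As an added illustration (not part of the original advisory or the vendor's software), a small defender-side check over constructed FTP control-channel log lines that flags the argument shapes described above: a RETR argument containing a colon or of excessive length, and "\.." traversal in a path. The "<client_ip> <command line>" log format, the length threshold and the set of path-taking commands are assumptions.

```python
import re

# Assumed threshold: well below the 1024-byte RETR argument the advisory says crashes Femitter 1.03.
MAX_RETR_ARG = 512

# Constructed sample log, one control-channel command per line: "<client_ip> <command line>".
SAMPLE_LOG = """\
10.0.0.5 USER anonymous
10.0.0.5 RETR readme.txt
10.0.0.7 RETR AAAA:AAAA
10.0.0.7 RETR {}
10.0.0.9 CWD \\..
10.0.0.9 CWD \\..\\/\\..\\
10.0.0.5 QUIT
""".format("A" * 1024)

# A ".." path component delimited by either slash style (or the start/end of the argument).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Commands whose argument is a path on the served tree (assumed set).
PATH_COMMANDS = ("RETR", "CWD", "STOR", "LIST", "DELE")


def classify(command_line):
    """Return the reasons an FTP command line matches the advisory's crash/traversal shapes."""
    parts = command_line.split(" ", 1)
    verb = parts[0].upper()
    arg = parts[1] if len(parts) > 1 else ""
    reasons = []
    if verb == "RETR":
        if ":" in arg:
            reasons.append("RETR argument contains ':'")
        if len(arg) > MAX_RETR_ARG:
            reasons.append("RETR argument length %d > %d" % (len(arg), MAX_RETR_ARG))
    if verb in PATH_COMMANDS and TRAVERSAL.search(arg):
        reasons.append("%s argument contains '..' traversal" % verb)
    return reasons


def scan(log_text):
    """Return (client_ip, verb, reasons) for every suspicious line in the log."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, _, cmd = line.partition(" ")
        reasons = classify(cmd)
        if reasons:
            hits.append((ip, cmd.split(" ", 1)[0].upper(), reasons))
    return hits


if __name__ == "__main__":
    for ip, verb, reasons in scan(SAMPLE_LOG):
        print(ip, verb, "; ".join(reasons))
```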
Vendor
Acritum Software - http://www.acritum.com
Affected Version
1.03
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
femitter-dos.c
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/6481
[2] http://www.packetstormsecurity.org/filedesc/fermitter-dos.txt.html
[3] http://securityreason.com/exploitalert/4715
[4] http://www.securityfocus.com/bid/31226
[5] http://www.sebug.net/exploit/4658
[6] http://www.securitylab.ru/poc/extra/359669.php
[7] http://www.securiteam.com/exploits/5BP0M0APFS.html
[8] http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/Femitter-FTP-Server-1.03-RETR-Remote-Denial-of-Service-Exploit-PoC
[9] http://osvdb.org/show/osvdb/44612
Changelog
[17.09.2008] - Initial release
[19.09.2008] - Added reference [6]
[21.09.2008] - Added reference [7]
[02.10.2008] - Added reference [8]
[27.07.2010] - Added reference [9]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk