← Advisories

Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC

High
Advisory ID
ZSL-2008-4898
Release Date
17 September 2008
Vendor
Acritum Software - http://www.acritum.com
Affected Version
1.03
CVE
CVE-2008-2032
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

Femitter Server is an easy-to use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues.

Description

Femitter HTTP/FTP 1.03 suffers from an information disclosure and denial of service vulnerability that causes the application to crash. When we send to the RETR command an argument like AAAA:AAAA or an overly long string of As (1024), the server crashes instantly. Also, when typing into browser: ftp://127.0.0.1/\.. we traverse to the install folder of the program(CWD), and when browsing to ftp://127.0.0.1/\..\/\..\ we get access violation at address 004A218A in module "fem.exe". Write of address 00000000.

Proof of Concept
femitter-dos.cTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.milw0rm.com/exploits/6481
[2]http://www.packetstormsecurity.org/filedesc/fermitter-dos.txt.html
[3]http://securityreason.com/exploitalert/4715
[4]http://www.securityfocus.com/bid/31226
[5]http://www.sebug.net/exploit/4658
[6]http://www.securitylab.ru/poc/extra/359669.php
[7]http://www.securiteam.com/exploits/5BP0M0APFS.html
[8]http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/Femitter-FTP-Server-1.03-RETR-Remote-Denial-of-Service-Exploit-PoC
[9]http://osvdb.org/show/osvdb/44612
[10]https://exchange.xforce.ibmcloud.com/vulnerabilities/42075
[11]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2032
[12]https://nvd.nist.gov/vuln/detail/CVE-2008-2032
Changelog
17.09.2008Initial release
19.09.2008Added reference [6]
21.09.2008Added reference [7]
02.10.2008Added reference [8]
27.07.2010Added reference [9]
25.10.2021Added reference [10], [11] and [12]