Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC

Critical
Advisory ID
ZSL-2008-4900
Release Date
14 October 2008
Affected Version
3.0, 3.25 and 3.26
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

Eserv/3.x - Mail, News, Web and Proxy Servers - Mail Server (SMTP, IMAP4 and POP3) - News Server (NNTP) - Web Server (HTTP) - FTP Server - Proxy Servers (HTTP, FTP, Socks, etc) - Finger Server - Built-in scheduler and dialer.

Description

Stack-based buffer overflow in the FTP server in Etype Eserv 3.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
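The defensive counterpart of the flaw described above, as an added example (not Eserv code and not part of the original advisory): a C routine that validates a received FTP command line before any handler touches it. The 512-byte line cap and all identifiers are assumptions; the rule that ABOR takes no argument comes from RFC 959.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 512 /* assumed per-line cap, not a value from the advisory */
#define MAX_VERB 4   /* RFC 959 command verbs are 3 or 4 letters */

enum ftp_check { FTP_OK = 0, FTP_TOO_LONG, FTP_BAD_VERB, FTP_UNEXPECTED_ARG };

/* Validate one received line of len bytes (NUL termination not required).
 * On FTP_OK, verb[] holds the upper-cased verb and *arg_off is the offset
 * of the argument inside line, or the trimmed length if there is none. */
enum ftp_check ftp_check_line(const char *line, size_t len,
                              char verb[MAX_VERB + 1], size_t *arg_off)
{
    size_t i, n = 0;

    /* The length is checked against the cap before anything is copied. */
    if (len > MAX_LINE)
        return FTP_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* Copy the verb with an explicit bound on the destination. */
    for (i = 0; i < len && line[i] != ' '; i++) {
        if (n == MAX_VERB || !isalpha((unsigned char)line[i]))
            return FTP_BAD_VERB;
        verb[n++] = (char)toupper((unsigned char)line[i]);
    }
    verb[n] = '\0';
    if (n < 3)
        return FTP_BAD_VERB;
    while (i < len && line[i] == ' ')
        i++;
    *arg_off = i;

    /* RFC 959 defines the command as "ABOR <CRLF>": any argument is malformed. */
    if (strcmp(verb, "ABOR") == 0 && i < len)
        return FTP_UNEXPECTED_ARG;
    return FTP_OK;
}

int main(void)
{
    char verb[MAX_VERB + 1];
    size_t off;
    const char line[] = "ABOR AAAA\r\n"; /* constructed sample input */
    printf("result=%d\n", ftp_check_line(line, sizeof line - 1, verb, &off));
    return 0;
}
```

Clients following RFC 959 may precede ABOR with Telnet IP/Synch bytes, so a server has to strip Telnet IAC sequences before running this check.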

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
14.10.2008 - Initial release
17.10.2008 - Added reference [6]