Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC

Title: Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC
Advisory ID: ZSL-2008-4900
Type: Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 14.10.2008
Summary
Eserv/3.x - Mail, News, Web and Proxy Servers - Mail Server (SMTP, IMAP4 and POP3) - News Server (NNTP) - Web Server (HTTP) - FTP Server - Proxy Servers (HTTP, FTP, Socks, etc) - Finger Server - Built-in scheduler and dialer.
Description
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
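A defender-side check for the condition described above, added here as an example and not taken from the original advisory or from Eserv: RFC 959 defines ABOR with no argument, so any argument on an ABOR line in captured FTP control-channel data is anomalous and worth alerting on. The function names and the sample lines are constructed for illustration.

```python
import re

# RFC 959 lets a client precede ABOR with the Telnet "Interrupt Process" and
# "Synch" signals: IAC (0xFF) followed by IP (0xF4) or DM (0xF2).
TELNET_PREFIX = re.compile(rb"^(?:\xff[\xf2\xf4])+")


def abor_argument_length(line: bytes):
    """Return None if the line is not an ABOR command, 0 for a well-formed
    ABOR, or the byte length of the unexpected argument otherwise."""
    body = TELNET_PREFIX.sub(b"", line.rstrip(b"\r\n"))
    parts = body.split(None, 1)          # verb, optional remainder
    if not parts or parts[0].upper() != b"ABOR":
        return None
    return len(parts[1]) if len(parts) == 2 else 0


def scan(lines):
    """Return (line_index, argument_length) for every ABOR that carries an
    argument, so the caller can alert on it or drop the session."""
    findings = []
    for index, line in enumerate(lines):
        length = abor_argument_length(line)
        if length:                       # skips None and 0
            findings.append((index, length))
    return findings


# Constructed control-channel lines (not captured from a real server).
SAMPLE = [
    b"USER anonymous\r\n",
    b"\xff\xf4\xff\xf2ABOR\r\n",         # legitimate abort with Telnet prefix
    b"ABOR " + b"A" * 2000 + b"\r\n",    # oversized argument
    b"abor x\r\n",                       # short, but still not valid per RFC 959
]

if __name__ == "__main__":
    for index, length in scan(SAMPLE):
        print(f"line {index}: ABOR with {length}-byte argument")
```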
Vendor
Etype - http://www.eserv.ru | http://www.etype.net
Affected Version
3.0, 3.25 and 3.26
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
eserv_bof.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/6752
[2] http://www.packetstormsecurity.org/filedesc/eserv-overflow.txt.html
[3] http://www.securityfocus.com/bid/31753
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4588
[5] http://xforce.iss.net/xforce/xfdb/45864
[6] http://securityreason.com/securityalert/4415
Changelog
[14.10.2008] - Initial release
[17.10.2008] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk