Sami FTP Server LIST command buffer overflow

Added: 04/01/2013
BID: 58247
OSVDB: 90815

Background

Sami FTP Server is an FTP server for Windows.

Problem

Sami FTP Server is affected by a buffer overflow vulnerability. A remote attacker could exploit this vulnerability by sending a long, specially crafted LIST command to the server, resulting in command execution when a user views the Log tab.
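For hosts that cannot be migrated immediately, the following added example (not part of the original advisory or the referenced exploit) flags over-long or binary LIST arguments in captured FTP control-channel lines. The function names, the (client, raw line) record shape and the 260-byte ceiling are assumptions; the advisory states no length.

```python
import re

# Assumption: a LIST argument is a path, so Windows MAX_PATH (260) is used as
# the ceiling. The advisory gives no length; tune this for your environment.
MAX_LIST_ARG = 260

# An FTP control-channel command is "VERB[ SP argument] CRLF" (RFC 959).
COMMAND_RE = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$", re.DOTALL)


def inspect_command(raw, max_arg=MAX_LIST_ARG):
    """Return the reasons (possibly none) a control-channel line is suspicious."""
    match = COMMAND_RE.match(raw.rstrip(b"\r\n"))
    if not match:
        return ["unparseable command line"]
    verb, arg = match.group(1).upper(), match.group(2) or b""
    if verb != b"LIST":
        return []
    reasons = []
    if len(arg) > max_arg:
        reasons.append(f"LIST argument is {len(arg)} bytes (limit {max_arg})")
    try:
        text = arg.decode("utf-8")
        binary = any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text)
    except UnicodeDecodeError:
        binary = True
    if binary:
        reasons.append("LIST argument has control bytes or invalid UTF-8")
    return reasons


def scan(records):
    """records: iterable of (client_ip, raw_line). Returns flagged entries."""
    return [(ip, why) for ip, raw in records if (why := inspect_command(raw))]


# Constructed sample traffic (documentation address ranges), not real captures.
SAMPLE = [
    ("192.0.2.10", b"USER anonymous\r\n"),
    ("192.0.2.10", b"LIST -la /pub\r\n"),
    ("198.51.100.7", b"LIST " + b"A" * 600 + b"\r\n"),
    ("198.51.100.7", b"LIST /pub/\xff\xfe\x01\r\n"),
]

if __name__ == "__main__":
    for ip, why in scan(SAMPLE):
        print(ip, "; ".join(why))
```
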

Resolution

Sami FTP Server is no longer supported. Use a different FTP server.

References

http://www.exploit-db.com/exploits/24557/

Limitations

Exploit works on Sami FTP Server 2.0.1 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.

A user must view the Log tab in Sami FTP Server after running this exploit in order for the exploit to succeed. The exploit remains listening for a connectback in the background.

Platforms

Windows
