CVE-2008-2032
Published 2008-04-30
Priority: P4 · 20 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 2.96% (85.5th percentile)
The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acritum | femitter_server | — | — |
No detection rules found.
Exploit-DB
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
exploitdb·2009-03-24
---
/*
Femitter Server FTP 1.x Multiple Vulnerability
Arbitrary:
The vulnerability is caused due to an input validation error when processing FTP requests. This can be
exploited to read, modify, or delete arbitrary files from the affected system via directory traversal
attacks.
Remote Crash:
The vulnerability is caused due to an error in handling the RETR command. This can be exploited to crash
the FTP service by sending the "RETR" command without sending the "PORT" command.
FTP Service:
You can delete file boot.ini => DELE ../../boot.ini
You can get file boot.ini => RETR ../../boot.ini
You can create Directory => MKD ../../poc
You can delete Directory => RMD ../../WINDOWS
You can crash service => (RETR 0)x2
Author: Jon
Exploit-DB
Femitter FTP Server 1.03 - 'RETR' Remote Denial of Service (PoC)
exploitdb·2008-09-17
---
/*0-----------------------------------------------------------------------------------0*\
0 0
| |
| Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC |
| |
| Summary: Femitter Server is an easy-to use HTTP and FTP server application |
| for Windows which allows you to use your own computer for sharing gigabytes |
| of files with your friends and colleagues. |
| |
| Desc: Femitter HTTP/FTP 1.03 suffers from a denial of service vulnerability |
| and memory corruption that causes the application to crash. When we send to |
| the RETR command an argument like AAAA:AAAA or an overly long string of As |
| (1024), the server crashes instantly. Also, when typing into browser: |
| ftp://127.0.0.1/\.. we traver