Vulnerabilities > CVE-2006-0441 - Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
karjasoft
exploit available
metasploit
NVD
Published: 2006-01-26
Updated: 2018-10-19

Summary

Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.

Vulnerable Configurations

Part Description Count
Application
Karjasoft
1

Exploit-Db

  • descriptionSami FTP Server 2.0.1 Remote Stack Based Buffer Overflow PoC. CVE-2006-0441. Remote exploit for windows platform
    idEDB-ID:1448
    last seen2016-01-31
    modified2006-01-25
    published2006-01-25
    reporterCritical Security
    sourcehttps://www.exploit-db.com/download/1448/
    titleSami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow PoC
  • descriptionSami FTP Server 2.0.1 Remote Buffer Overflow Exploit (cpp). CVE-2006-0441. Remote exploit for windows platform
    idEDB-ID:1462
    last seen2016-01-31
    modified2006-01-31
    published2006-01-31
    reporterHolyGhost
    sourcehttps://www.exploit-db.com/download/1462/
    titleSami FTP Server 2.0.1 - Remote Buffer Overflow Exploit cpp
  • descriptionSami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow PoC. CVE-2006-0441. Dos exploit for windows platform
    idEDB-ID:3127
    last seen2016-01-31
    modified2007-01-14
    published2007-01-14
    reporterMarsu
    sourcehttps://www.exploit-db.com/download/3127/
    titleSami FTP Server 2.0.2 USER/PASS Remote Buffer Overflow PoC
  • descriptionKarjaSoft Sami FTP Server v2.02 USER Overflow. CVE-2006-0441,CVE-2006-2212. Remote exploit for windows platform
    idEDB-ID:16702
    last seen2016-02-02
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16702/
    titleKarjaSoft Sami FTP Server 2.02 - USER Overflow
  • descriptionKarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH). CVE-2006-0441. Remote exploit for Windows platform
    fileexploits/windows/remote/40675.py
    idEDB-ID:40675
    last seen2016-11-01
    modified2016-11-01
    platformwindows
    port
    published2016-11-01
    reportern30m1nd
    sourcehttps://www.exploit-db.com/download/40675/
    titleKarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
    typeremote
  • descriptionSami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow Exploit. CVE-2006-0441. Remote exploit for windows platform
    idEDB-ID:3140
    last seen2016-01-31
    modified2007-01-17
    published2007-01-17
    reporterUmZ
    sourcehttps://www.exploit-db.com/download/3140/
    titleSami FTP Server 2.0.2 USER/PASS Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits the KarjaSoft Sami FTP Server version 2.02 by sending an excessively long USER string. The stack is overwritten when the administrator attempts to view the FTP logs. Therefore, this exploit is passive and requires end-user interaction. Keep this in mind when selecting payloads. When the server is restarted, it will re-execute the exploit until the logfile is manually deleted via the file system.
idMSF:EXPLOIT/WINDOWS/FTP/SAMI_FTPD_USER
last seen2020-01-14
modified2017-11-08
published2008-03-17
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/sami_ftpd_user.rb
titleKarjaSoft Sami FTP Server v2.02 USER Overflow

Packetstorm

References