Vulnerabilities > CVE-2006-2212 - Authentication Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.2

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
karjasoft
exploit available
metasploit
NVD
Published: 2006-05-05
Updated: 2018-10-18

Summary

Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.

Vulnerable Configurations

Part Description Count
Application
Karjasoft
1

Exploit-Db

descriptionKarjaSoft Sami FTP Server v2.02 USER Overflow. CVE-2006-0441,CVE-2006-2212. Remote exploit for windows platform
idEDB-ID:16702
last seen2016-02-02
modified2010-04-30
published2010-04-30
reportermetasploit
sourcehttps://www.exploit-db.com/download/16702/
titleKarjaSoft Sami FTP Server 2.02 - USER Overflow

Metasploit

descriptionThis module exploits the KarjaSoft Sami FTP Server version 2.02 by sending an excessively long USER string. The stack is overwritten when the administrator attempts to view the FTP logs. Therefore, this exploit is passive and requires end-user interaction. Keep this in mind when selecting payloads. When the server is restarted, it will re-execute the exploit until the logfile is manually deleted via the file system.
idMSF:EXPLOIT/WINDOWS/FTP/SAMI_FTPD_USER
last seen2020-01-14
modified2017-11-08
published2008-03-17
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/sami_ftpd_user.rb
titleKarjaSoft Sami FTP Server v2.02 USER Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83185/sami_ftpd_user.rb.txt
idPACKETSTORM:83185
last seen2016-12-05
published2009-11-26
reporterpatrick
sourcehttps://packetstormsecurity.com/files/83185/KarjaSoft-Sami-FTP-Server-v2.02-USER-Overflow.html
titleKarjaSoft Sami FTP Server v2.02 USER Overflow

References