RedTeam Labs

Information Security Vulnerablities, Exploit Code and News

CATEGORIES:      Company News General Industry News Research List View

RedTeam Discovers 0-day in SmallFTPD

Category: Research Tags: denial of service, smallftpd, exploit, dos
Posted by: labs@redteamsecure.com (Jeremiah Talamantes) on 2010-05-17 11:44:11

RedTeam Discovers 0-day in SmallFTPD

Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a 0-day security vulnerability in SmallFTPD Server version 1.0.3. The security vulnerability in the FTP server application revolves around unexpected behavior when sending a specially crafted data payload to the DELE command. An attacker can execute a remote Denial-of-Service attack on the server application by sending a string of malicious characters causing the program to crash.

Jeremiah has developed proof of concept code for this vulnerability in Python. This 0-day has been published by the Exploit Database, SecurityFocus and Packet Storm Security among others.

Published Exploit
* SecurityFocus: 40180
* Exploit DB: 12603
* Packet Storm Security



Share |



Follow Our Twitter

Follow Our RSS

Share this: |


Categories



DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number:
1-612-234-7848

E-mail:

info@redteamsecure.com