what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PSFTP 1.8 Build 921 Denial Of Service

PSFTP 1.8 Build 921 Denial Of Service
Posted Apr 23, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 6cedf29fc659f2cd0c64391437f038105fadb2a16b9f4d6f8e7ae6eccd68b0da

PSFTP 1.8 Build 921 Denial Of Service

Change Mirror Download
Title:
======
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability


Date:
=====
2012-04-23


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=523


VL-ID:
=====
523


Introduction:
=============
PSFtp ist eine benutzerfreundliche, ergonomische, kompakte und zuverlässige FTP Client Software mit einem großen
Funktionsumfang. Was ist ein FTP Client? Das ist ein Programm (einige nennen es auch einfach ein FTP Programm), welches
mit einem Dateimanager vergleichbar ist. Nur greift es nicht etwa auf eine andere Partition oder ein anderes Laufwerk zu,
sondern auf einen Rechner im Internet - auf einen FTP Server. Ein FTP Client eignet sich bestens für die Homepage-Pflege
(natürlich nicht nur dafür). Sie können z.B. Ihre Homepage-Dateien leicht auf einen FTP Server hochladen (engl. Upload)
oder auch irgendwelche Dateien herunterladen (engl. Download).

(Copy of the Vendor Homepage: http://www.psftp.de/index.php )


Abstract:
=========
The Vulnerability Laboratory Researcher Team discovered Null Pointer Dereference (DoS) Vulnerability in PSFTP v.1.8 Build 921.


Report-Timeline:
================
2012-04-23: Public or Non-Public Disclosure


Status:
========
Published


Exploitation-Technique:
=======================
Local


Severity:
=========
Medium


Details:
========
A Null Pointer Dereference (DoS) Vulnerability is detected in PSFTP v.1.8 Build 921. The vulnerability allows an
local privileged user to crash down the service with a persistent effect(stable). The bug is located when processing
to load large unicode keys over the license management box of the psftp client software. The inserted unicode or numeric
string got saved on the PSFTP_Key.dat which results in the stable null pointer dereference crash after the software restart.
Successful exploitation results in a stable (bex exception) application (StackHash_e98d) crash.

Vulnerable Module(s):
[+] PSFTP_Key


--- Windows Error Reports ---
Version=1
EventType=BEX
EventTime=129792568365093863
ReportType=2
Consent=1
ReportIdentifier=79865f7e-899a-11e1-98b1-a88e8292e5db
IntegratorReportIdentifier=79865f7d-899a-11e1-98b1-a88e8292e5db
WOW64=1
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=PSFtp.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=1.8.1.921
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=2a425e19
Sig[3].Name=Fehlermodulname
Sig[3].Value=StackHash_e98d
Sig[4].Name=Fehlermodulversion
Sig[4].Value=0.0.0.0
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=00000000
Sig[6].Name=Ausnahmeoffset
Sig[6].Value=00000000
Sig[7].Name=Ausnahmecode
Sig[7].Value=c0000005
Sig[8].Name=Ausnahmedaten
Sig[8].Value=00000008
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=e98d
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=e98dfca8bcf81bc1740adb135579ad53
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=6eab
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=6eabdd9e0dc94904be3b39a1c0583635
UI[2]=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe
UI[3]=PSFtp - FTP FTPS SFTP Client funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
LoadedModule[0]=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe
LoadedModule[1]=C:\\\\Windows\\\\SysWOW64\\\\ntdll.dll
LoadedModule[2]=C:\\\\Windows\\\\syswow64\\\\kernel32.dll
... ... ...
LoadedModule[30]=C:\\\\Windows\\\\system32\\\\wsock32.dll
LoadedModule[31]=C:\\\\Windows\\\\syswow64\\\\WS2_32.dll
LoadedModule[32]=C:\\\\Windows\\\\syswow64\\\\NSI.dll
LoadedModule[33]=C:\\\\Windows\\\\system32\\\\hhctrl.ocx
LoadedModule[34]=C:\\\\Windows\\\\system32\\\\IMM32.DLL
LoadedModule[35]=C:\\\\Windows\\\\syswow64\\\\MSCTF.dll
LoadedModule[36]=C:\\\\Windows\\\\system32\\\\uxtheme.dll
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=BEX
AppName=PSFtp - FTP FTPS SFTP Client
AppPath=C:\\\\Program Files (x86)\\\\PSFtp\\\\PSFtp.exe




Picture(s):
../1.png
../2.png


Risk:
=====
The security risk of the null pointer (dos) vulnerability is estimated as medium(-).


Credits:
========
Vulnerability Laboratory [Research Team] - N/A Anonymous


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 Vulnerability-Lab




--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close