project6011 remote format string vulnerability

number: #14
author: Dark Eagle
date: 24.02.05
vendor: http://lbyte.ru
status: NO-PATCHES

overview:
Project6011 version 1.1.5, "The Search Machine of Network Protocols". It scans hosts to identify network protocols.

details:
A serious vulnerability was found in the scanning of the FTP protocol. When project6011 scans the FTP protocol and reads the banner from the FTP daemon, it does not check the input buffer for format directives. Exploiting this bug is very simple.
NOTE: I tested this bug with SMTP, FTP and TELNET and it's w0rking very well :)

solution:
Don't use snprintf(), sprintf() or fprintf() with the input buffer as the format string; always pass an explicit format.

exploit:
A PoC exploit is available from our site (http://unl0ck.void.ru). It creates a fake server, and when a k1ddie scans this fake server he will be in a big sh1t!

greetz: all unl0ckerz, gh0stz, nosystemz.

(c) uKt Research 2004-2005
http://unl0ck.void.ru
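The fix the advisory asks for, shown as an added example that is not project6011's code and not the PoC mentioned above: a banner read off the socket is data, so it must go through a fixed format string rather than being handed to a *printf function as the format. The function names (log_banner_fixed, count_format_directives) and the sample banner are constructed for this illustration; the scanner's real logging routine is not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample banner in the shape a scanner reads from an FTP daemon
   after connecting; it is not output captured from any real server. */
static const char SAMPLE_BANNER[] = "220 ftp.example.test FTP server ready";

/* The bug pattern the advisory describes, kept as a comment so the example
   itself never interprets untrusted input as a format:
 *
 *     fprintf(log, banner);        // banner is the format string: any %x, %s
 *                                  // or %n inside it is executed by printf
 *
 * Fixed form: a constant format with the banner passed as a "%s" argument.
 * Any %-sequences in the banner are copied into dst literally. Returns the
 * snprintf result (characters that would have been written), or -1 on error. */
int log_banner_fixed(char *dst, size_t dstlen, const char *banner)
{
    return snprintf(dst, dstlen, "banner: %s", banner);
}

/* Defender-side check: count conversion directives in an untrusted banner so
   a scanner can flag or reject a server that sends format specifiers, which a
   benign FTP/SMTP/TELNET greeting has no reason to contain. A doubled "%%" is
   a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" prints a single '%' and is harmless */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char line[128];

    /* Benign greeting: logged unchanged, zero directives found. */
    log_banner_fixed(line, sizeof line, SAMPLE_BANNER);
    printf("%s (directives: %d)\n", line,
           count_format_directives(SAMPLE_BANNER));

    /* Constructed hostile greeting: still logged safely because the format is
       constant, and the counter reports the specifiers it carries. */
    const char *hostile = "220 %x%x%n";
    log_banner_fixed(line, sizeof line, hostile);
    printf("%s (directives: %d)\n", line, count_format_directives(hostile));
    return 0;
}
```

In a real scanner the counter would sit between the socket read and the logger, and a non-zero result is a good reason to drop the banner from the report and record the host as misbehaving; the constant-format call is the actual fix and is needed regardless of the check.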